Friday, October 9, 2015

3 Third Party Don'ts

(This article originally appeared on my LinkedIn profile.)
Disclaimer: This post is about Third Party Risk Management, not politics. 
So I'll get right to it...
1. Don't Sign That Paper!
...until you have read it, and read it again, and had your legal counsel read it. I read contracts a lot... more than I care to. I have yet to run across a blatantly devious third party contract, but I rarely see one that doesn't require edits. Third party contracts are usually template-based and ready for you to fill in the blanks. They weren't written specifically for your business model and may not meet your requirements. Also, they may leave you with little recourse in the event of a data breach or other disaster.

2. Don't Trust Your Third Party!
What I mean is don't trust them solely. Adopting an outsourcing model doesn't eliminate the need to manage business processes in-house. Before migrating to a third party, ensure that you clearly document all supporting processes and cross-functional dependencies. Validate that your third party contract also addresses these processes. Your organization must continue to manage any process that your third party does not expressly perform.

3. Don't Be A Guinea Pig!
It's probably not a good idea to outsource key business processes to a third party that doesn't offer them as one of its core services. Would you ask your auto brakes guy to bake your wedding cake? Probably not, so I wouldn't really recommend asking your IT services provider to develop your customer-facing web application. If it's not what they do best, don't let them try out their skills on your business. It's a recipe for disaster.

- Dragon's Lair Security

Copyright © Dragon's Lair Security. All rights reserved.
