Why you should insist on vendor security certification.
Your free vendor security checklist.
Evaluating Risk: Information Security in a SaaS World.
Company data, whether it is legally sensitive, personally identifiable or business-critical, is often the most valuable and high-risk asset of your organisation. Therefore, the introduction of any new system must be rigorously risk assessed to consider information security implications, including:
- Confidentiality
- Integrity
- Availability
These risks extend not only to the systems and tools that will be storing and processing the data but also to the individuals who have access to them. This is why it is essential that vendors have an Information Security Management System (ISMS) that covers their entire organisation, including their downstream supplier relationships. It is not sufficient to be told: “we use a datacenter that has all the security certifications you need”.
Thanks to international information security standards such as ISO27001 and SOC2, it is possible for vendors to evidence their security posture through independent audit certifications and reports, thus providing you with the reassurance that your data will be stored and processed securely.
A vendor’s website that displays internationally recognised standards logos is a strong indication that you can add them to your shortlist when looking to bring a new suite of tools into your organisation.