Compliance Risks With Third Party Vendors

You’ll want to pay close attention to this section of your Vendor Risk Assessment. Compliance violations can incur penalties and result in more stringent oversight by a government agency.

In the Cloud, you must be mindful of not only your own data handling responsibilities, but also your Cloud vendors' responsibilities. Their regulatory obligations could be more or less stringent than your own, and a vendor that fails to adhere to both its regulations and yours will create a headache for you. Those regulations include:

  • GDPR in the EU
  • FedRAMP
  • Sarbanes-Oxley Act (SOX)
  • PCI DSS
  • FISMA
  • HIPAA
  • ISO

First, you must understand the compliance requirements for your jurisdiction. Second, you must comply with data handling regulations where your CSP or SaaS provider operates. Third, your CSP or SaaS provider must comply with the same regulations you do.

If the CSP violates regulations you must comply with, you could be held accountable for the violations or named in a lawsuit.

On the other hand, does the CSP operate in a jurisdiction, like the EU, where data regulations could be even more stringent than yours? If so, will those regulations hinder your business?

Entrusting your operations to a third party does not absolve you of responsibility for compliance infractions.

For more information about performing a VRA on Cloud and SaaS vendors, grab your FREE copy of our e-Book, "Find Your Cloud 9's", which offers a mini-guide to the VRA process.

To set up a Reference Interview on the questions you have about investing in new technology for your business, contact me at 302-537-4198, ericm@edminfopro.com or on our Contact form.