Beyond the firewall

Information governance focuses a lot of time and attention on internal compliance with law and company policy and the protection/security of corporate information.  One aspect of protecting/securing corporate information is to protect/secure it where it lives, which may not be just within the corporation.

“Firms Raise Hacking Defenses,” Wall Street Journal, October 27, 2014 B5. are looking at how one group of vendors control access and use of the bank’s information: the outside lawyers.

Do your vendors follow your information policies and record retention and disposal processes?  If you have litigation or an investigation, you likely have a duty to preserve and produce relevant information in the hands of your vendors.  Do you audit them, too?

Leave a comment

Filed under Board, Business Case, Compliance, Compliance, Compliance Verification, Controls, Governance, Information, Interconnections, Internal controls, IT, Management, Oversight, Privacy, Protect, Protect assets, Protect information assets, Records Management, Risk, Security, Third parties

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s