When outsourcing functions such as finance, HR, or accounting, businesses are still responsible for the security of the data they are sharing. This process usually involves the transfer of a large amount of private data which poses a large risk. This data includes proprietary business practices, employee information, and client payment information. It is essential that your business recognizes the importance of this data and works to ensure its security. When outsourcing business functions, it is important to inquire about the potential provider’s abilities and recommendations.
The Federal Trade Commission, or FTC, holds US businesses accountable for loss or damage done through their outsourced partners. It is your responsibility to ensure the compliance of your partners to national and industry-specific regulations and practices. There are multiple acts passed by congress which regulate the privacy and information security requirements of businesses. One of these acts enables the FTC to hold international companies which provide services to US businesses accountable for their actions. These authorities do take into account business’ efforts to manage risks and ensure security. This includes audit rights, which allow businesses to analyze the security of this data throughout the contract.
Questions to ask these companies include:
- What level of access or which data do you require?
- How sensitive is the data you require?
- What are you allowed to do with this data? Can you sell it to third parties?
- Who will have access to this data?
- What technical and organizational security measures do you have in place?
- Which laws affect this transfer of data?
- Are you compliant with all industry regulations?
- Do you utilize subcontractors? If so, how do you guarantee their compliance?
- Which aspects of your contract will ensure our security?
We understand that these laws are complicated and that it can be difficult to fully protect your business. However, with the growing number of threats and attacks, it is imperative that you take the proper precautions to safeguard your critical information. Stay tuned to our blog for more security tips, industry news, and company highlights!