As businesses increasingly work with various types of third parties that process sensitive information and, in some cases, access a company’s networks, there is an inherent risk: these third parties create new avenues of attack against a company’s data, systems, and networks. Covington attorneys David Fagan, Nigel Howard, Kurt Wimmer, and Elizabeth Canter describe these potential risks and the measures that can be used to mitigate such risks in a chapter they authored entitled “Managing risk associated with third-party outsourcing” — which appears in a new book, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers.
The chapter describes several critical elements of managing third-party risk, including the goals and process for pre-engagement due diligence of third parties, approaches to managing risk through contract (including the challenges of negotiating appropriate indemnifications and liability provisions), and ongoing monitoring and oversight of third parties.
To download a copy of Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers, visit www.securityroundtable.org.