3rd Party Audits

Organizations are no longer single entities conducting business in a vacuum. Instead, the focus is on the “extended enterprise” – business managers have to integrate remote locations, subsidiaries, partners, operations that are outsourced to third parties in local or foreign locations, and mergers and acquisitions.

The technical aspects of connectivity can be daunting; however, securing the data flowing between these points can be an even greater challenge, particularly when the various legal and regulatory frameworks must be considered. For example, the Personal Information Protection and Electronic Documents Act, or PIPEDA, sets the Canadian standard for how personal information must be protected. It states that:

An organization is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. The organization shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.

DigitalDefence combines technical knowledge and experience, a strong practical knowledge of international laws and regulations, and a deep respect for different business cultures to provide our third-party auditing service.

Based on the required level of due diligence, DigitalDefence can provide:

  • Assistance in developing a business partner / third party risk management lifecycle. All aspects of management from the initial due diligence, through the implementation and monitoring of security practices, to the execution and validation of the exit strategy can be developed to protect your organization
  • Documentation reviews, including contracts and partner policies, standards, and practices
  • Development and implementation of specific questionnaires to identify current security and privacy practices, and highlight specific gaps that may require remediation
  • On-site audits to assess physical security, data centre operations and key security practices, and to identify gaps between the two organizations
  • Industry-specific audits of partner practices (e.g., PIPEDA, SoX)
  • Follow-up activities to ensure compliance

When the third-party audit has been completed, the improved integration among all parties will ensure compliance with all relevant laws and regulations, and enhance the security and privacy of your data.

Copyright © 2008 DigitalDefence, Inc. | 302 - 3310 South Service Road, Burlington, Ontario L7N 3M6 | Tel 905-681-3310 | Toll-Free 866-677-1337