HIDDEN DANGERS: ASPs AND ETHICS
Questions to Ask When Your Data’s in Third-Party Hands
By RONALD L. SEIGNEUR
Are you considering using an ASP, Webmaster or online data backup or file storage provider? If so, you must focus on the security of your sensitive information. Here are potential questions to address when considering any technology application that allows for, or requires, important data to be stored or maintained at a third-party location.
• Who is the vendor providing the service and how long has it been in business?
• Who owns the company, what is its financial position and how is it funded?
• Who else has used the service and what has their experience been? Does the service routinely handle customers with needs similar to ours?
• What other alternatives do we have available to fulfill this need and what are the pros and cons of each?
• What other vendors offer this service and how do they differentiate themselves?
• How will our sensitive data be transmitted to and from the vendor? Do we need to use a data encryption protocol?
• How will the vendor store our sensitive data and who will have access to it?
• What type of backup procedure does the vendor use and how can we verify that it is being enforced?
• What type of personnel screening policies and related safeguards does the vendor have to ensure there will be no breaches of security by disgruntled employees or infiltration by outside parties?
• Do we need to have a backup plan to allow for contingencies, such as if we lose our Internet connection, or the vendor goes out of business or is subjected to a disaster, such as fire or flood?
• How easily can we disengage this initiative if our needs dictate that we do so?
Ronald L. Seigneur (firstname.lastname@example.org) is a former law firm administrator specializing in consulting and business valuation to professional service firms.