Most organisations handling sensitive data will find themselves sharing this data with other organisations for various reasons.
At Inverifi and our sister companies, we host our apps on AWS. We place our customers’ data in the hands of Amazon.
When you share data with another organisation, there are always risks involved. How a supplier chooses to handle your data is ultimately out of your control.
Unfortunately, there’s nothing you can do to completely eliminate this risk. However, there are measures you can take to minimise it.
Such measures are required by ISO 27001 Annex A.15.
If you are working with a smaller supplier, you might choose to send them any of your information security policies that are relevant to the data they’ll be handling.
The supplier will then read those policies and ensure that they follow them while doing business with you.
Inverifi simplifies this process by allowing you to invite users from external organisations to view your documents securely.
Another potentially important factor in determining whether you trust a particular supplier with your data is whether they have any certifications which assure you that they handle data securely.
One of the reasons we use AWS is that, like us, they are ISO 27001-compliant. We know AWS has been audited, and we know how thorough audits for this particular standard can be.
If you’re considering a supplier with an ISO 27001 certification, you can rest assured that they have processes they follow consistently to ensure that your data is handled securely.
As I mentioned at the start of this blog entry, there are always risks associated with placing your data in the hands of another organisation. These risks must be considered.
Once again, there is nothing you can do to completely eliminate the risks.
For this reason, we strongly recommend considering the measures explained above whenever you decide whether to trust another organisation with your data.