Most organisations handling sensitive data will find themselves sharing this data with other organisations, for various reasons.
At Inverifi, and our sister companies, we host our apps on AWS. We place our customers’ data in the hands of Amazon.
When you share data with another organisation, there are always risks involved. How a supplier chooses to handle your data, is ultimately out of your control.
Unfortunately, there’s nothing you can do to completely eliminate this risk. However, there are measures you can take to minimise it.
Such measures are required by ISO 27001 annex A.15.
If you are working with a smaller supplier, you might choose to send them any of your information security policies, relevant to the data they’ll be handling.
The supplier will then read those policies and ensure that they follow them while doing business with you.
Inverifi simplifies this process, by allowing you to invite users from external organisations to view your documents securely.
Alternatively, if the supplier you have in mind operates at a large scale and can’t adjust its service to meet your exact requirements, you can read their privacy policy instead.
Most companies in most countries are required to have a privacy policy.
A privacy policy documents how a supplier will handle your data. It will also include contact details, allowing you to ask them specific questions, possibly not covered by the privacy policy.
When you read a privacy policy, you will be able to determine whether the supplier’s data handling procedures are acceptable, in line with your own information security policies.
Another potentially important factor in determining whether you trust a particular supplier with your data, is whether they have any certifications which assure you that they handle data securely.
One of the reasons we use AWS is because, like us, they are ISO 27001-compliant. We know AWS has been audited, and we know how thorough audits for this particular standard can be.
If you’re considering a supplier with an ISO 27001 certification, you can rest assured that they have processes they follow, consistently, to ensure that your data is handled securely.
As I mentioned at the start of this blog entry, there are always risks associated with placing your data in the hands of another organisation. These risks must be considered.
Once again, there is nothing you can do to completely eliminate the risks.
For this reason, we strongly recommend considering the measures explained above, whenever you decide whether to trust another organisation with your data.
Streamlining compliance – introducing Inverifi’s new compliance standard templates Introducing Inverifi’s Annex control functionality We’re happy to announce that compliance standards are now live in
ISO 27001 Controls: Developing Secure Apps The importance of privacy and security When you’re developing an application, it is important to consider how it handles
Introducing Diagrams A new way to visualise and connect your organisation’s process flows We are thrilled to announce the release of Diagrams, a brand new
©Copyright Inverifi 2023, All rights reserved. Registered in England, No: 06959535, , +44 20 4574 9908
