But the minute you outsource responsibility or governance of information security to a third party, you tie a noose around your neck and hand the end of the rope to a vendor.
If your business critical services are provided via a third party, you need to ensure you have people inside your business who not only actively manage external relationships and deliverables. You also need to have someone who takes full responsibility for information security and its governance, and who has a full incident management procedure prepared in the case of a breach.
If you don’t have this in place, you’ve left the back door wide open and a welcome mat out for any criminal or hacker who wants to come in.
Sign up for CIO Asia eNewsletters.