Information Security Best Practices: Service Provider AgreementsOctober 5th, 2014
FiledOctober 5th, 2014A business retains a vendor to perform customer-billing services. One of the vendor’s computers is hacked from an IP address in China when a server is inadvertently left without a firewall following an internet outage. The attack compromises customer credit card information, and triggers notifications statutes throughout the country. As between the business and the vendor, how will responsibility for responding to the event handled? The answer may lie in a thoughtfully drafted service provider agreement.