Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

Protecting data no longer under your control?

Hello All,

I was asked a question by our senior counsel that has me running in circles: How do we limit/restrict what a 3rd Party can do with our data once we send it to them?

Historically, they share documents with external partners and other law offices via physical media (DVD, USB, etc). He wants them to have the ability to view and print the documents therein, but limit their ability to copy/copy-paste the files and the data from the DVD to other media. This sounds like DRM to me, which we all know has failed miserably for years within the recording industries. It may be a "reasonable" level of protection, but there will still be ways for those 3rd-Parties to achieve what he is trying to block if we are sending them physical media. I mean, if they can print the docs, they can print straight to file/pdf so.......

What other options are out there? It seems to me that the only real way to achieve this is to host it in a cloud solution with all rights beyond read restricted, supply them with the locked down presentation app so that data is not read into local RAM on their end, and remove their ability to print. While we have no control over screen capture functionality, this would make copying searchable files very difficult without OCR capabilities of some kind and without lots of time spent on the "attackers" part. 

Thanks in advance for any helpful feedback. At the very least this is a great thought exercise :)
You must sign in to rate content.
(Unrated)

Comments

RE: Protecting data no longer under your control?

Kyle,

What is the reason behind your senior counsel's request - i.e. why don't they want the recipients to be able copy/paste etc?

Also is printing an absolute requirement? If someone is allowed to print documents they can either print direct to pdf or print and scan, either way they end up with an editable file.

It is very difficult to constrain usage of content in this way, there are some interesting online only options, but even then a determined recipient can usually extract the contents.

Generally speaking I would be inclined to rely on a contractual commitment (if appropriate / possible).

As an aside, from a data protection perspective the use of physical media sends shivers up my spine...in my opinion there are far better (i.e. lower risk) options available these days (that avoid issues associated with media handling, encryption, management of keys/passwords etc), but that is a whole other conversation!
AlexGEnergizer at 11/9/2016 11:53:04 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Protecting data no longer under your control?

Thanks Alex, you seem to be approaching this question from the same angle as myself. 

I asked that first question and received very little in the way of a straight forward answer, so I feel safe in assuming this is a knee-jerk reaction to something they read/heard from a colleague elsewhere. Meaning the question asked is little more than the result of a lack of understanding regarding security in this space. 

As to the printing requirement, I need to press on that further with them because that is the major hiccup in his request. If we provide them with that functionality then we cannot restrict the others. And if we remove their ability to print, then why not just do this the old fashioned way where the other team comes on site, we provide them a room and the documents, they review them and then leave with no copies of our data? 

I believe I'm at a point in my research where a follow-up meeting is required to clarify the requirements for the request. I'll post back with any new information/updates.
Kyle430Social at 11/9/2016 12:55:06 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Well, it could be simply in order to make it difficult to integrate elsewhere. I.e. rather than ana actual security concern it may be an operational concern - that whoever wants to use the information outside of whatever agreement would need to go through the cumbersome steps of converting the data into a useful format. 
It is obviously not possible in general - simply take a photo of the screen - if it is text run OCR on it. Securing shared data is impossible. 
FrankFahrendorfLively at 11/9/2016 1:15:04 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Hello, In my opinion, AlexG is right ("Generally speaking I would be inclined to rely on a contractual commitment (if appropriate / possible)." If contractual commitment is possible, you can find some "inspirations" in Art. 28 GDPR.
Amedeo808Social at 12/2/2016 6:15:29 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

The golden fact  is that security can never be total or absolute. So you need  operational controls like DRM/RMS/IRM and things like these and also administrative controls like contracts/NDAs etc.  Combining both also would not be 100% but better than just one type. It is is true that if print/copy/save is disabled people can still take a screenshot or use OCR for text but here you are increasing the difficulty so it creates a deterrence and the uncontrolled  proliferation of unauthorised copies of information or data would be limited. This will reduce the chances that data is abused. So suggesting just contractual obligations is not the effective solution. There would be people who do not care for such things and break such contracts or would find loopholes in them. But the majority(my wishful guess) would abide by them. So a holistic approach is advised.
  
Gubba RameshLively at 12/2/2016 8:36:47 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Protecting data no longer under your control?

Gubba,

What you say may be OK in theory, but if an organisation does not have DRM/RMS/IRM a significant investment will be necessary.
From a risk management perspective I doubt many risk personnel would 'risk' their credibility by trying to convince the board that investment in ineffective controls is justified.

Even if one had DRM/RMS/IRM available it would result in little more than an illusion of security, from a risk perspective it should remain marked as untreated and logged in the risk register. Further, there are no particular skills necessary to circumvent such controls so I am not even sure one could sensible claim partial treatment and reduce the risk level.

Ultimately from a data protection perspective, if one cannot trust a 3rd party to process personal data in accordance with contractual terms, then the information should not be shared with them, irrespective of any technical controls.
AlexGEnergizer at 12/22/2016 8:43:57 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

You stumble upon a topic that our regualtors often seek our commentary upon. No siliver bullets here but here's some feedback I hope resonates. Aside from the 'front-end' reviews and contractual clauses like audit rights, returning data, and data protection, you should consider monitoring the data sharing during the contract, and also have processes that you follow at the termination of a contract (e.g. checklists that detail how information is being handled and why they need to keep it, for how long, how it is destroyed). You could, in a world of no resource constraints, restrict any onward transfer of data pending your company review of that 4th party's security controls. This last point is important as it can and should be scaled to the amount of records being sent against your risk profile, insurance by your company, your vendor's and their vendor. Also, consider contractually restricting them from sharing the information and deal with exceptions until you can find a solution that meets those exceptions (e.g. secured portals and cloud solutions that gives you control how long it is kept there). If the exceptions are the norm, perhaps seek a sharing tool and contractually obligated them to exclusively use it for informaiton sharing on your terms. Good luck!
Bill ConnollyLively at 1/11/2017 10:30:39 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Hello,

I'm new to ISACA and I was reading posts in this forum. I'm actually interested in this section (Privacy / Data Protection) since I'm leading the development for an IRM software in Spain. 

Kyle has mentioned several cons that we have already taken into account and I would like to hear more inconvenients. Also if you would like to try out our product, contact me.


Eric049Lively at 3/9/2017 8:07:39 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Thanks for the insight Bill, I'm trying to address much of that through formalization of a Third Party Risk Management program consisting of InfoSec, HR, and Legal. In essence, we ran with something along the lines of your last piece of advice and went with a solution which allows us to maintain ongoing control over the data for as long as the third party has possession of it. We fulfilled our legal obligation to provide the data, the receiving entity has no hand in the level of security we apply to that data.

But to update everyone, we decided to go with LockLizard Safeguard PDF for this particular project. The solution ships with it's own reader which implements the controls and converts the documents so they are unreadable by any other application. I was able to secure the documents to USB drives with the following restrictions:          
   - registration with our service, I have to manually authorize access from my end
   - re-auth every 90 days
   - 4 year data expiration
   - Screen scraping protections
   - water marks (on screen and print)
   - Print-only (no save; print to anything other than standard printer disabled)

While I'm sure there are ways around these controls, security was not the ultimate goal of this project as I had originally envisioned. Still, I feel this is a reasonable level of protection that would satisfy any audit in the event of a breach and highly recommend the solution. 
Kyle430Social at 3/9/2017 9:30:52 AM Quote
You must sign in to rate content.
(2 ratings)

RE: Protecting data no longer under your control?

Interesting topic. I would like to hear more. I have noticed also some other pdf documents can not be copied or pasted due to some restrictions applied on it. M not sure which programs are used to lock the documents
PRECIOUS785Social at 3/14/2017 3:18:11 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

I would agree to Alex. There is no way to prevent them from printing the data. If they are determined they will be printing it. Let say the data is OCR, DRM protected, the user can just do a print screen and print the data. It is very difficult to prevent intentional fraud.
Jacob Kurian AmbatEnergizer at 8/21/2017 6:53:49 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Hi kyle430,

Thanks for sharing your experience and the solution, that will help others to get in place. I believe, you might be following the audit process as well as a 3-rd party audit concept. 3-parties are carrying your sensitive data and you have right to have a audit of their compliance with the help of your internal team members or you can hire/engage certain impanlled auditor to get it done.
Anand292Energizer at 1/6/2018 10:05:23 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Hi kyle430,

Thanks for sharing your experience and the solution, that will help others to get in place. I believe, you might be following the audit process as well as a 3-rd party audit concept. 3-parties are carrying your sensitive data and you have right to have a audit of their compliance with the help of your internal team members or you can hire/engage certain impanlled auditor to get it done.
Anand292Energizer at 1/6/2018 10:05:23 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

I would agree to Alex. There is no way to prevent them from printing the data. If they are determined they will be printing it. Let say the data is OCR, DRM protected, the user can just do a print screen and print the data. It is very difficult to prevent intentional fraud.
Jacob Kurian AmbatEnergizer at 8/21/2017 6:53:49 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Interesting topic. I would like to hear more. I have noticed also some other pdf documents can not be copied or pasted due to some restrictions applied on it. M not sure which programs are used to lock the documents
PRECIOUS785Social at 3/14/2017 3:18:11 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Thanks for the insight Bill, I'm trying to address much of that through formalization of a Third Party Risk Management program consisting of InfoSec, HR, and Legal. In essence, we ran with something along the lines of your last piece of advice and went with a solution which allows us to maintain ongoing control over the data for as long as the third party has possession of it. We fulfilled our legal obligation to provide the data, the receiving entity has no hand in the level of security we apply to that data.

But to update everyone, we decided to go with LockLizard Safeguard PDF for this particular project. The solution ships with it's own reader which implements the controls and converts the documents so they are unreadable by any other application. I was able to secure the documents to USB drives with the following restrictions:          
   - registration with our service, I have to manually authorize access from my end
   - re-auth every 90 days
   - 4 year data expiration
   - Screen scraping protections
   - water marks (on screen and print)
   - Print-only (no save; print to anything other than standard printer disabled)

While I'm sure there are ways around these controls, security was not the ultimate goal of this project as I had originally envisioned. Still, I feel this is a reasonable level of protection that would satisfy any audit in the event of a breach and highly recommend the solution. 
Kyle430Social at 3/9/2017 9:30:52 AM Quote
You must sign in to rate content.
(2 ratings)

RE: Protecting data no longer under your control?

Hello,

I'm new to ISACA and I was reading posts in this forum. I'm actually interested in this section (Privacy / Data Protection) since I'm leading the development for an IRM software in Spain. 

Kyle has mentioned several cons that we have already taken into account and I would like to hear more inconvenients. Also if you would like to try out our product, contact me.


Eric049Lively at 3/9/2017 8:07:39 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

You stumble upon a topic that our regualtors often seek our commentary upon. No siliver bullets here but here's some feedback I hope resonates. Aside from the 'front-end' reviews and contractual clauses like audit rights, returning data, and data protection, you should consider monitoring the data sharing during the contract, and also have processes that you follow at the termination of a contract (e.g. checklists that detail how information is being handled and why they need to keep it, for how long, how it is destroyed). You could, in a world of no resource constraints, restrict any onward transfer of data pending your company review of that 4th party's security controls. This last point is important as it can and should be scaled to the amount of records being sent against your risk profile, insurance by your company, your vendor's and their vendor. Also, consider contractually restricting them from sharing the information and deal with exceptions until you can find a solution that meets those exceptions (e.g. secured portals and cloud solutions that gives you control how long it is kept there). If the exceptions are the norm, perhaps seek a sharing tool and contractually obligated them to exclusively use it for informaiton sharing on your terms. Good luck!
Bill ConnollyLively at 1/11/2017 10:30:39 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Gubba,

What you say may be OK in theory, but if an organisation does not have DRM/RMS/IRM a significant investment will be necessary.
From a risk management perspective I doubt many risk personnel would 'risk' their credibility by trying to convince the board that investment in ineffective controls is justified.

Even if one had DRM/RMS/IRM available it would result in little more than an illusion of security, from a risk perspective it should remain marked as untreated and logged in the risk register. Further, there are no particular skills necessary to circumvent such controls so I am not even sure one could sensible claim partial treatment and reduce the risk level.

Ultimately from a data protection perspective, if one cannot trust a 3rd party to process personal data in accordance with contractual terms, then the information should not be shared with them, irrespective of any technical controls.
AlexGEnergizer at 12/22/2016 8:43:57 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

The golden fact  is that security can never be total or absolute. So you need  operational controls like DRM/RMS/IRM and things like these and also administrative controls like contracts/NDAs etc.  Combining both also would not be 100% but better than just one type. It is is true that if print/copy/save is disabled people can still take a screenshot or use OCR for text but here you are increasing the difficulty so it creates a deterrence and the uncontrolled  proliferation of unauthorised copies of information or data would be limited. This will reduce the chances that data is abused. So suggesting just contractual obligations is not the effective solution. There would be people who do not care for such things and break such contracts or would find loopholes in them. But the majority(my wishful guess) would abide by them. So a holistic approach is advised.
  
Gubba RameshLively at 12/2/2016 8:36:47 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Protecting data no longer under your control?

Hello, In my opinion, AlexG is right ("Generally speaking I would be inclined to rely on a contractual commitment (if appropriate / possible)." If contractual commitment is possible, you can find some "inspirations" in Art. 28 GDPR.
Amedeo808Social at 12/2/2016 6:15:29 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Well, it could be simply in order to make it difficult to integrate elsewhere. I.e. rather than ana actual security concern it may be an operational concern - that whoever wants to use the information outside of whatever agreement would need to go through the cumbersome steps of converting the data into a useful format. 
It is obviously not possible in general - simply take a photo of the screen - if it is text run OCR on it. Securing shared data is impossible. 
FrankFahrendorfLively at 11/9/2016 1:15:04 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Thanks Alex, you seem to be approaching this question from the same angle as myself. 

I asked that first question and received very little in the way of a straight forward answer, so I feel safe in assuming this is a knee-jerk reaction to something they read/heard from a colleague elsewhere. Meaning the question asked is little more than the result of a lack of understanding regarding security in this space. 

As to the printing requirement, I need to press on that further with them because that is the major hiccup in his request. If we provide them with that functionality then we cannot restrict the others. And if we remove their ability to print, then why not just do this the old fashioned way where the other team comes on site, we provide them a room and the documents, they review them and then leave with no copies of our data? 

I believe I'm at a point in my research where a follow-up meeting is required to clarify the requirements for the request. I'll post back with any new information/updates.
Kyle430Social at 11/9/2016 12:55:06 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Kyle,

What is the reason behind your senior counsel's request - i.e. why don't they want the recipients to be able copy/paste etc?

Also is printing an absolute requirement? If someone is allowed to print documents they can either print direct to pdf or print and scan, either way they end up with an editable file.

It is very difficult to constrain usage of content in this way, there are some interesting online only options, but even then a determined recipient can usually extract the contents.

Generally speaking I would be inclined to rely on a contractual commitment (if appropriate / possible).

As an aside, from a data protection perspective the use of physical media sends shivers up my spine...in my opinion there are far better (i.e. lower risk) options available these days (that avoid issues associated with media handling, encryption, management of keys/passwords etc), but that is a whole other conversation!
AlexGEnergizer at 11/9/2016 11:53:04 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Protecting data no longer under your control?

Thanks for the insight Bill, I'm trying to address much of that through formalization of a Third Party Risk Management program consisting of InfoSec, HR, and Legal. In essence, we ran with something along the lines of your last piece of advice and went with a solution which allows us to maintain ongoing control over the data for as long as the third party has possession of it. We fulfilled our legal obligation to provide the data, the receiving entity has no hand in the level of security we apply to that data.

But to update everyone, we decided to go with LockLizard Safeguard PDF for this particular project. The solution ships with it's own reader which implements the controls and converts the documents so they are unreadable by any other application. I was able to secure the documents to USB drives with the following restrictions:          
   - registration with our service, I have to manually authorize access from my end
   - re-auth every 90 days
   - 4 year data expiration
   - Screen scraping protections
   - water marks (on screen and print)
   - Print-only (no save; print to anything other than standard printer disabled)

While I'm sure there are ways around these controls, security was not the ultimate goal of this project as I had originally envisioned. Still, I feel this is a reasonable level of protection that would satisfy any audit in the event of a breach and highly recommend the solution. 
Kyle430Social at 3/9/2017 9:30:52 AM Quote
You must sign in to rate content.
(2 ratings)

RE: Protecting data no longer under your control?

The golden fact  is that security can never be total or absolute. So you need  operational controls like DRM/RMS/IRM and things like these and also administrative controls like contracts/NDAs etc.  Combining both also would not be 100% but better than just one type. It is is true that if print/copy/save is disabled people can still take a screenshot or use OCR for text but here you are increasing the difficulty so it creates a deterrence and the uncontrolled  proliferation of unauthorised copies of information or data would be limited. This will reduce the chances that data is abused. So suggesting just contractual obligations is not the effective solution. There would be people who do not care for such things and break such contracts or would find loopholes in them. But the majority(my wishful guess) would abide by them. So a holistic approach is advised.
  
Gubba RameshLively at 12/2/2016 8:36:47 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Protecting data no longer under your control?

Kyle,

What is the reason behind your senior counsel's request - i.e. why don't they want the recipients to be able copy/paste etc?

Also is printing an absolute requirement? If someone is allowed to print documents they can either print direct to pdf or print and scan, either way they end up with an editable file.

It is very difficult to constrain usage of content in this way, there are some interesting online only options, but even then a determined recipient can usually extract the contents.

Generally speaking I would be inclined to rely on a contractual commitment (if appropriate / possible).

As an aside, from a data protection perspective the use of physical media sends shivers up my spine...in my opinion there are far better (i.e. lower risk) options available these days (that avoid issues associated with media handling, encryption, management of keys/passwords etc), but that is a whole other conversation!
AlexGEnergizer at 11/9/2016 11:53:04 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Protecting data no longer under your control?

Thanks Alex, you seem to be approaching this question from the same angle as myself. 

I asked that first question and received very little in the way of a straight forward answer, so I feel safe in assuming this is a knee-jerk reaction to something they read/heard from a colleague elsewhere. Meaning the question asked is little more than the result of a lack of understanding regarding security in this space. 

As to the printing requirement, I need to press on that further with them because that is the major hiccup in his request. If we provide them with that functionality then we cannot restrict the others. And if we remove their ability to print, then why not just do this the old fashioned way where the other team comes on site, we provide them a room and the documents, they review them and then leave with no copies of our data? 

I believe I'm at a point in my research where a follow-up meeting is required to clarify the requirements for the request. I'll post back with any new information/updates.
Kyle430Social at 11/9/2016 12:55:06 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Well, it could be simply in order to make it difficult to integrate elsewhere. I.e. rather than ana actual security concern it may be an operational concern - that whoever wants to use the information outside of whatever agreement would need to go through the cumbersome steps of converting the data into a useful format. 
It is obviously not possible in general - simply take a photo of the screen - if it is text run OCR on it. Securing shared data is impossible. 
FrankFahrendorfLively at 11/9/2016 1:15:04 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Hello, In my opinion, AlexG is right ("Generally speaking I would be inclined to rely on a contractual commitment (if appropriate / possible)." If contractual commitment is possible, you can find some "inspirations" in Art. 28 GDPR.
Amedeo808Social at 12/2/2016 6:15:29 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Gubba,

What you say may be OK in theory, but if an organisation does not have DRM/RMS/IRM a significant investment will be necessary.
From a risk management perspective I doubt many risk personnel would 'risk' their credibility by trying to convince the board that investment in ineffective controls is justified.

Even if one had DRM/RMS/IRM available it would result in little more than an illusion of security, from a risk perspective it should remain marked as untreated and logged in the risk register. Further, there are no particular skills necessary to circumvent such controls so I am not even sure one could sensible claim partial treatment and reduce the risk level.

Ultimately from a data protection perspective, if one cannot trust a 3rd party to process personal data in accordance with contractual terms, then the information should not be shared with them, irrespective of any technical controls.
AlexGEnergizer at 12/22/2016 8:43:57 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

You stumble upon a topic that our regualtors often seek our commentary upon. No siliver bullets here but here's some feedback I hope resonates. Aside from the 'front-end' reviews and contractual clauses like audit rights, returning data, and data protection, you should consider monitoring the data sharing during the contract, and also have processes that you follow at the termination of a contract (e.g. checklists that detail how information is being handled and why they need to keep it, for how long, how it is destroyed). You could, in a world of no resource constraints, restrict any onward transfer of data pending your company review of that 4th party's security controls. This last point is important as it can and should be scaled to the amount of records being sent against your risk profile, insurance by your company, your vendor's and their vendor. Also, consider contractually restricting them from sharing the information and deal with exceptions until you can find a solution that meets those exceptions (e.g. secured portals and cloud solutions that gives you control how long it is kept there). If the exceptions are the norm, perhaps seek a sharing tool and contractually obligated them to exclusively use it for informaiton sharing on your terms. Good luck!
Bill ConnollyLively at 1/11/2017 10:30:39 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Hello,

I'm new to ISACA and I was reading posts in this forum. I'm actually interested in this section (Privacy / Data Protection) since I'm leading the development for an IRM software in Spain. 

Kyle has mentioned several cons that we have already taken into account and I would like to hear more inconvenients. Also if you would like to try out our product, contact me.


Eric049Lively at 3/9/2017 8:07:39 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Interesting topic. I would like to hear more. I have noticed also some other pdf documents can not be copied or pasted due to some restrictions applied on it. M not sure which programs are used to lock the documents
PRECIOUS785Social at 3/14/2017 3:18:11 AM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

I would agree to Alex. There is no way to prevent them from printing the data. If they are determined they will be printing it. Let say the data is OCR, DRM protected, the user can just do a print screen and print the data. It is very difficult to prevent intentional fraud.
Jacob Kurian AmbatEnergizer at 8/21/2017 6:53:49 PM Quote
You must sign in to rate content.
(Unrated)

RE: Protecting data no longer under your control?

Hi kyle430,

Thanks for sharing your experience and the solution, that will help others to get in place. I believe, you might be following the audit process as well as a 3-rd party audit concept. 3-parties are carrying your sensitive data and you have right to have a audit of their compliance with the help of your internal team members or you can hire/engage certain impanlled auditor to get it done.
Anand292Energizer at 1/6/2018 10:05:23 PM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.