Technology Vendor Due Diligence; Protecting your Brand
Most companies in the modern economy utilize technology to compete in an increasingly competitive marketplace. In order to utilize third-party technology, a business has to obtain a license from the technology vendor or reseller, otherwise risk intellectual property infringement. Even when using open-source software, the use is subject to licensing restrictions and other limitations. While getting the licensing correct is critical to ensuring your business obtains the most value from the technology, an often over-looked element of procuring technology is the due diligence phase.
Technology due diligence is similar to diligence performed on any vendor, such as ensuring the technology will fit your needs and obtaining favorable pricing, but the due diligence should be far more extensive in the modern technological world. By way of example, in the healthcare industry, over 25 million health records have been breached to date in 2019, many of which as a result of a third party technology provider failing to protect the health information. This means that businesses, especially those in a regulated industry where the technology vendor has access to personal information, need to perform additional diligence on third-party technology providers.
The additional diligence should focus on what the vendor is doing with the data and personal information, ensure that the vendor has protections and controls that meet the various, and often overlapping, state, federal, and international data protection rules, and ensure that their technical protections meet industry standards. Although this will likely require obtaining additional expertise from outside your organization, taking these additional steps during the diligence phase will protect your brand from a potential disruptive data breach at a vendor that results in your business being harmed.
VW Contributor: Alex Rainville
© 2019 Vandenack Weaver LLC
For more information, Contact Us