Page 60 - CISSO_Prep_ Guide
Third Parties, Vendors and Contractors
Everyone who accesses or works on the systems, networks,
facilities, or data of the organization must be subject to the rules
and procedures of the organization. This is especially
challenging in a world of outsourcing. As organizations
outsource their data processing, applications, or some business
processes, they need to ensure that the service provider meets the
security and data protection requirements. It must be
remembered that when an organization accepts, processes,
transmits, or stores sensitive data, then that original organization
remains liable for the protection of that information even if it is
shared with another service provider.
Roles and Responsibilities Summary
Security is the responsibility of everyone in the organization.
Adequate protection can only happen when everyone is aware of
the need for security and realizes how their actions can affect the
stability, resilience, profitability, and success of the
organization. Security is not a "nice to have" or an option. It is a
thread that must be woven into every business process, into the
mindset of each person and integrated into each system and IT
function. This requires a continuous effort of education,
reminders, monitoring, and improvement. When everyone sees
that the organization is serious about security and is committed
to ensuring that the policies and procedures are being enforced,
then a culture of security is created. At this point, each person
will realize the importance of their role on the security team.