Dynamic Legal Representation for You and Your Business

Vendor Physical Security Policy

Q: What physical security protocols should my third-party vendors have in place?

A: As part of a comprehensive vendor management oversight program, a thorough evaluation should be conducted on whether your third-party vendors have sufficient physical security controls in place. You should evaluate and identify the inherent risk of each of your vendors and develop a plan for managing physical security risks associated with these third-party relationships. Vendors with access to nonpublic personal consumer information and/or proprietary information generally require greater physical security standards.

One item you should request and review is your vendor's Physical Security Policy. An effective Physical Security Policy ensures safety and security of the vendor's location including off-site data centers, operation rooms, filing rooms, cash rooms, and any other areas that may contain confidential and/or proprietary information. In order to prevent intrusion and unauthorized access, a vendor's Physical Security Policy should at the very least entail the following:

  • Employee and visitor access levels and tracking, such as log in/log out sheets;

  • Use of alarm systems and/or surveillance cameras with retention records;

  • Security perimeters (card controlled entry gates, security guards, and/or manned reception desks);

  • Locks, access cards and/or security codes; and,

  • Enhanced data center and/or server room security features.

From a regulatory standpoint, an effective vendor management program that assesses these items can help eliminate compliance, reputational, strategic and operational risks.

Share the AGMB Compliance Question of the Week:

Facebook   Google+   LinkedIn   Twitter

New York Attorney Advertising: This email is designed for general information only.
The information presented in this email should not be construed to be formal legal advice nor the
formation of a lawyer/client relationship. Prior results do not guarantee a similar outcome.

© Copyright 2018 by Abrams Garfinkel Margolis Bergson, LLP. All rights reserved.
This email is designed and developed by PR4Lawyers.
Facebook Twitter LinkedIn Google+ Youtube AGMB, LLP Website Neil Garfinkel Michael Barone Neil Garfinkel E-Mail Michael Barone E-Mail Marie O' Brien Marie O'Brien E-Mail