Today's Veterinary Business

APR 2018

Today’s Veterinary Business provides information and resources designed to help veterinarians and office management improve the financial performance of their practices, allowing them to increase the level of patient care and client service.

Issue link: https://todaysveterinarybusiness.epubxp.com/i/955830


PROTECT & DEFEND

IT costs, better flexibility and time to market, and overall business improvement. But any organization that outsources its computing or allows a third party to retain care, custody and control of private data assets is exposing itself to risk. Federal and state laws dictate that the data owner, not the vendor, is ultimately responsible for protecting the data.

When a vendor experiences a significant service failure or data privacy breach, the owner of the impacted data must demonstrate regulatory compliance, including conformity with federal and state notification laws and other consumer remediation requirements. Failure to comply can carry steep fines and other penalties. The data owner is ultimately responsible and legally liable, regardless of where or how the data breach occurred.

As I noted previously, almost half of all data breaches took place while the data was with a third-party vendor, according to the 2016 "Cost of Data Breach Study" conducted by IBM and The Ponemon Institute. This would include protected data in the hands of outsourcers, cloud providers and business partners. For this reason, managing outsourced vendors must be a critical part of any network security and privacy risk-management program.

Large commercial organizations perform vendor vetting as part of a well-established risk-management function. Typically, this activity is properly funded and staffed as part of a larger IT and risk-management department. Smaller businesses usually do not have the dedicated personnel, budgeted resources or the management focus needed to carry out a comparable vendor management program. However, the smallest company can take steps to help manage third-party cyber risk.

Using a simple security questionnaire will help determine what the vendor is doing in the areas of:
• Information security management.
• Regulatory and compliance activities and certifications. (For example, compliance with payment card industry data security standards.)
• Protection and segregation of client-supplied data.
• Application development security practices.
• Service availability.
• Disaster recovery planning.
• Incident response planning.

Reviewing vendor-provided external audit reports, conducting external vulnerability scans and examining written privacy policies and practices also are recommended.

In addition to the above, one of the most critical aspects of vendor management is executing a well-written contract. Some of the must-have provisions to include in any service level agreement or outsourcing contract are:

Incident Response Procedures

How the vendor handles data breaches should be an addendum to the contract. The contract should call for a forensic assessment of what happened and which data might have been exposed, and clarification as to what the customer can and can't do in terms of accessing the vendor's system after a breach to assist in the investigation and response. Vendor pushback is not uncommon because vendors do not want to permit such access to their systems, but access can be negotiated and may depend upon the size of the contract and the
