Re: Third-parties and vendors

["Saqib Ali" <docbook.xml () gmail com>]

it is almost impossible to get a large vendor to sign your NDA or any
other binding contract if you don't have enough clout.

You should be able to lawfully hold them responsible to "their" own
policies except  in case of Force majeure. But most of the time the
policies are written in 'weaselese' which free the corporation from
any responsibility.

saqib
http://www.full-disk-encryption.net

On 12/5/06, Stephen Tanner <stanner () leeclerk org> wrote:
> I was wondering how everyone holds third-parties and vendors to their
> security policies.  I have a few templates with suggestions, but I'm not
> sure that I could get a large corporation to sign the document without
> them wanting to have a slew of lawyers look it over.
>
> What do the rest of you do?
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Stephen Tanner
> Information Security Administrator
> Network Support Services
> Lee County Clerk of Courts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
>
> ---------------------------------------------------------------------------
> This list is sponsored by: ByteCrusher
>
> Detect Malicious Web Content and Exploits in Real-Time.
> Anti-Virus engines can't detect unknown or new threats.
> LinkScanner can. Web surfing just became a whole lot safer.
>
> http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
> ---------------------------------------------------------------------------


--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------