Can my company be held legally responsible for the failure of my vendor to meet regulatory guidelines?

Yes, especially when your company cannot display vendor selection due diligence.

If your vendor is the cause of a data breach or a non-conformity to an applicable data protection regulation your firm could be partially or held fully responsible for such an event.

It is important to show that your firm has performed due diligence in the selection of a vendor that includes the vetting of your vendor's policies, procedures, training, security protocols, and breach notification systems.

Due diligence can be simplified and expedited by selecting vendors that maintain third party certifications. However, a vendor holding third party certifications is not alone enough to prove due diligence and some documentation of the validity and effectiveness of the certification should also be done by the contracting organization.

Can't find what you're looking for?Ask us here and we will be in touch within one business day.