Question about sharing data...

  • We are currently doing the IT work for a company that is getting a 3rd party to develop reporting software that ties into their financial software. The 3rd party wants a copy of their financial software’s database. However, we are leery about doing this and want to cover all bases… Is there anything wrong with this as long as the ‘top dogs’ give permission? This company would have complete access to any of their financial records. Also, should we just set up an FTP if this is OK?

  • You do the IT work for the company and you do not own the data/information stored within.
    I am sure YOU have signed a data confidentiality clause with your client, and so would the other vendor who is developing an application for them (or at least you can assume so).
    As long as the individual who has been identified as the data owner within your client organization approves sharing the database, you are safe. However, it would be prudent on your part to highlight the risks that you foresee in sharing such data; that way you save your head and also get some appreciation from your client for being proactive…

  • Hi - I agree with NC’s good recommendations. Some of the items below may or may not apply to this situation (err on the side of caution, given how detrimental data breaches are these days):
    – Obtain signed NDAs (always good to have in writing)
    – Obtain approval from System Owners
    – Review for anything of a sensitive nature and stipulate in writing the need to safeguard (SSNs, CC#s, etc)
    – Ensure review is through a trusted process (e.g., VPN, HTTPS, etc)
    – IT and Internal Audit may want to review for any concerns

