It is possible to create a simple, bright-line means of triaging engagements to determine whether heightened security and privacy measures should be required
"So, maybe you've read my previous blog posts and have spent time developing strong information security and privacy protections to be included in your contracts with relevant business partners, vendors and suppliers.
The question is: when do I require those protections? Certainly not in every contract. That would greatly expand the cost and time of negotiating contracts that, potentially, present no security or privacy risks.
So how do you decide?..."
Read More ...