benrothke writes "Every organization has external software, hardware and 3rd-party vendors they have to deal with. In many cases, these vendors will have direct access to the corporate networks, confidential and proprietary data and more. Often the software and hardware solutions are critical to the infrastructure and security of the organization. If the vendors don't have effective information security and privacy controls in place, your data is at risk. In addition, when selecting a product to secure your organization, how do you ensure that you are selecting the correct product? All of this is critical in the event of a breach. When the lawyers start circling, they will be serving subpoenas to your company, not your 3rd-party vendors." Keep reading for Ben's review.