In large enterprise businesses, such as financial institutions, it is imperative that confidential and/or proprietary data be properly protected against exposure, otherwise referred to as a data breach. In the financial institution environment this includes customer data, such as social security numbers, names, addresses, telephone numbers and the like, as well as account-related data, such as account numbers, account balances, transaction entries and the like.
In the large enterprise environment, the enterprise must not only ensure that its confidential/proprietary data is properly and securely protected internally (i.e., within the physical and network confines of the enterprise), but also ensure that confidential/proprietary data is properly secured by external entities that receive the data from the enterprise. In the financial institution setting, external entities may include vendors (i.e., entities in a contractual relationship with the financial institution) and other non-contracting third-party entities, for example, other financial institutions or the like. The financial institution must ensure that the external entity has the proper mechanisms, procedures and governance in place not only to receive confidential/proprietary data, but also to properly store such data to prevent exposure. Moreover, in instances where the external entity is using the Internet or a mobile platform to host the confidential/proprietary data, the financial institution, or any other enterprise, must ensure that the proper mechanisms, procedures and governance are in place to securely host the confidential/proprietary data. In this regard, the enterprise must be able to manage the risk surrounding the use of the confidential/proprietary data by an external entity (i.e., outside of the enterprise's firewall).
Current practices within such large enterprises that seek to ensure protection of confidential/proprietary data by external entities tend to be unreliable and inconsistent. In this regard, assessments of the external entities by the enterprise tend to occur sporadically or reactively (i.e., in response to a compromise of the data at the external entity or the like). Moreover, proper procedures may not be in place at the enterprise to ensure that consistent review and approval of external entities occur.
Therefore, a need exists to develop systems, apparatus, computer program products, methods and the like that provide a reliable and effective means for ensuring the protection, security and confidentiality of data that is electronically communicated to external entities. The desired systems, apparatus, computer program products, methods and the like should establish activities within the enterprise that ensure compliance with enterprise mandates and require external entities to implement enterprise-aligned information security policies, standards and/or baselines.