So, maybe you’ve read my previous blog posts and have spent time developing strong information security and privacy protections to be included in your contracts with relevant business partners, vendors and suppliers.
The question is: when do I require those protections? Certainly not in every contract. That would greatly expand the cost and time of negotiating contracts that, potentially, present no security or privacy risks.
So how do you decide?