How to ensure data integrity/security once it leaves the company network?

JHay

My company is shifting their data security emphasis to monitor 3rd parties. For example: we're constantly sending data to a firm that processes our financial data and performs basic accounting/reporting. How do we ensure these 3rd parties aren't mishandling our data? How do we know if Joe Shmoe isn't copying our files, losing/replicating our tapes, or distributing our sensitive information? I'm looking for technologies, software, questionnaires, or some methodology that provides a meaningful assessment or metric that indicates how secure our data is once it leaves our network. Is anyone aware of a product or company that provides this type of service? We're fairly confident that our firewalls, VPNs, tunnels, and protocols are securing the data to/from our network...but once it heads to Accounting Wizards, Inc, we lose control. Suggestions would be greatly appreciated!
 
Lawyers, lots of lawyers. Really, there isn't much you can do, other than ensure the firm you are sending your data to is reputable, and limits access only to those who need access.
 
Thanks for the reply. I should probably clarify: I've been asked to develop a questionnaire to hand out to the third parties we deal with. The questionnaire should essentially determine: "how do we know you're securing our data properly?" Any advice as to the questions I should ask would be appreciated, as would methodologies/assessment techniques/software that help determine a third party's ability to handle our data securely.
 
What kind of access restrictions do you have to our data?
Who in your firm has access to our data?
Are tapes, files, etc. stored in a vault or other physically secured area?
What are your procedures/requirements for determining if someone should have access? (E.g., criminal background check, etc.)
 