Data Privacy for Vendor Portals

Data Privacy for Vendor Portals

By: Joe Flynn, P2PConnect

Data Privacy is one of the leading concerns that customers express when setting up a Vendor Portal.

Vendor Portals transfer sensitive data from buyers to suppliers and back again. Ultimately, each customer must make some degree of internal risk-reward calculation to determine if the time-money saving benefits of a Vendor Portal will outweigh the data privacy and security concerns that a SaaS tool introduces.

Vendor Portals transfer sensitive data from buyers to suppliers and back again. Ultimately, each customer must make some degree of internal risk-reward calculation to determine if the time-money saving benefits of a Vendor Portal will outweigh the data privacy and security concerns that a SaaS tool introduces.

Though there are no silver bullets of data privacy, I try to explain to customers that there are some lead ones. With a little planning and some good aim, you should be able to knock out enough risk to make the process safe and secure.

Here is a list of my top six Data Privacy issues you should look to get clarity on before you commit to a SaaS-based Vendor Portal System.

Certifications

Vendor Portals manage both financial, transactional data as well as supplier profile data. Financial SaaS systems have established Certifications programs for the development processes such as SSAS 16, – SOC1, SOC2, and SOC3. If the provider is not SSAE 16, SOC 1 certified, you will need to walk away.

Data Center Certification

Most SaaS providers usually do not host their data internally rather they outsource their hosting with a professional hosting provider. These providers know very well what certifications they need and will be willing to submit their certifications on request.

Authentication

We addressed this in the security section, but the SaaS provider should be able to offer Single Sign-On integration and allow you control of your users at all times.

Who Owns the Data

Always ask for and receive, in writing, a data ownership policy document. There are no real standards for data ownership, but this document will tell you a lot about the firm that you are about to partner with. Keep in mind that just because you are the customer you may not own all of the data. In the Vendor Portal world, much of the data should be and is owned by the suppliers.

How long will the data be stored after the contract?

In this case, I do not think there is any guidance with respect as to how long the data should be stored rather you should make sure that the provider will be willing to work with you and destroy the data if you ask them to. Again, you may not own all of the data, and it may not all be destroyable

How is your Data Segregated?

Most SaaS solutions are multi-tenant. Multi-tenancy means that the provider will house all of the data from many customers in one database. A SaaS partner should be able to articulate their privacy policies as well as the steps that they have taken to keep your information safe.

http://p2pconnect.com