How does Aumni ensure that its third parties are maintaining good security practices?

A critical part of our security program is performing security due diligence on any third party that will handle sensitive information on our behalf to support our services. This matters because if a vendor has a vulnerability, we have little control over how quickly it is remediated. Therefore, it is critical that we do business with third parties who have mature and well-supported security programs.

As a baseline, we ensure that the third party holds appropriate security certifications (e.g., SOC 2 Type II, ISO 27001) proving that its security program has been independently assessed and deemed sufficient. We also read through any additional security documentation provided by the third party and follow up with the vendor on questions where there might be additional perceived risk. Aumni will not approve a third party unless it has passed this review and agrees to undergo such due diligence on at least an annual basis.
