The laws of many countries require the data owner to be responsible for the continued protection of data even when the data is processed or stored by a third party.
This requires clear communication of the roles and responsibilities of each party involved in a third party agreement.
All relation with third party should be guided by a third party agreements:
- SOW (Statements Of Work)
Ownership of source code
- Support (software, security)
- Anything else to ensure what is expected of all parties
Everything from storage, processing, and disaster recovery should be added to the contracts.
We need to be aware of jurisdiction, where the data reside and if backups are made on site or in a different country.
In case of disagreement or dispute, we want to stipulate in which country is the law applicable.
Contracts are also important for the protection of intellectual property; same with patents.