Indemnification – What happens if something goes wrong?
We’ve all heard stories of how someone went to a hospital for a procedure and a serious error occurred. If a mistake of that magnitude can and does happen with some frequency by highly trained, intelligent people, there certainly can be data breaches or pollution events caused by your IT asset disposition provider.
Keep in mind that your liability as a business stakeholder does not end when equipment leaves your facility from either an environmental or data breach perspective. Therefore good information security management, information security policy, and environmental stewardship includes a good understanding of how you are indemnified by your vendor.
Most of the clients that come to us do not ask the right questions with respect to indemnification. One simple question that almost no one asks is “can I see your pollution and professional liability insurance policies.” I’m sure it would be a shock to many that the actual policies are usually a few pages long and the list of exclusions are ten times as long. The exclusions can great have a great impact in your defense is there is a data breach. Having viewed your vendor’s insurance policies and understanding how and to what limits you are protected is a great first step in IT Asset risk management.
How your vendor’s documentation works in conjunction with their insurance policies is another important factor that I’ll discuss in future blogs.