Managing third-party and cloud service provider risk

CVML

Published on March 25, 2026

Many organisations rely on third-party providers, including cloud platforms and collaboration tools, to support remote working arrangements.

While these technologies enhance efficiency, they can also introduce additional risks if not properly managed.

Organisations should conduct appropriate due diligence on service providers to ensure that adequate security measures are in place.

Key considerations include:

  • how data is stored and processed by third parties
  • whether providers comply with applicable data protection standards
  • contractual protections relating to data security and confidentiality
  • incident notification and response obligations

Service agreements should clearly set out the responsibilities of each party and include appropriate safeguards to protect company and client data.

Organisations should also monitor third-party performance and conduct periodic reviews to ensure ongoing compliance.

If you or your organisation would like to discuss any aspect of this guidance note further, please don’t hesitate to reach out to your usual CVML contact, or email:

Tsoline Gharibian, Senior Associate, CVML (t.gharibian@cvml.ae)

Ishwarya Singh, Associate, CVML (i.singh@cvml.ae)