My first word of advice: Ask your partners and vendors whether they maintain the same level of security as you do, if not better. More important, make them prove it. Don't simply ask them to read your security policies and agree to abide by them, especially not just as a paperwork formality that everyone must undergo in order to work together.
A good starting point is to interview the vendor or partner and ask about the company's security policies, computers, and networks. An interview is no substitute for auditing, but as long as the partner is being honest, you can ascertain the company's security maturity.
However, nothing beats a physical audit where you are allowed to scrutinize the potential vendor's or partner's computers and networks to verify its security practices. When I've conducted an audit, I've always discovered security risks that the company was either unaware of or did not share. If possible, secure the right to conduct security-policy reviews and the ability to do some limited auditing to ensure the third party is following expected policy before you allow them access to your network. At the most security-minded organizations, security policies state that network access will be rejected if the third party does not meet a minimum level of security.
How does your company's security policy treat third parties? The answer offers quick insight into how the company treats its own security.
This story, "You're only as secure as your business partners," was originally published at InfoWorld.com. Read more of Roger Grimes's Security Adviser blog at InfoWorld.com.