When outsourcing processing, which is essential to protect information?

• A. A written contract detailing how information can be used and disclosed
• B. The cheapest price
• C. No oversight
• D. Only sign a non-disclosure agreement

Answer: (A)

When you outsource processing, a written contract that sets out how information can be used and disclosed provides the binding framework that protects data. It creates clear rules for what can be processed, who may access it, where it can go, how it must be secured, and what happens in case of a breach. This contract often defines the roles of the data controller and data processor, specifies security controls, data retention and deletion, transfer restrictions, subcontracting, auditing rights, and liability for failures. With these protections in place, both parties have a concrete standard to follow and a mechanism to enforce compliance and accountability. Merely chasing the lowest price offers no assurance of security, and oversight alone isn’t enough to govern the details of data handling, while a non-disclosure agreement only protects confidentiality and doesn’t cover how data is processed, secured, or governed.