This message was posted by a user wishing to remain anonymous
GM ThinkTank
I am doing some research re Resellers (vendors who sell other vendors products (e.g., security services, archiving, transaction platforms, collaboration platforms etc..). I would like to learn how organizations are treating their Resellers, especially the Resellers that sell high Inherent risk products (e.g., access to your network, running in the Cloud and processing Confidential/PII data)
1. Do you beef up the contract with the Reseller to make them responsible for the service (In my experience that is very difficult and most likely the Reseller will not accepts that)
2. In addition to the contract with the Reseller, do you seek a
direct, formal relationship with the Underlying Service Provider and put a contract in place (I think the best approach) and then perform due diligence on that Service provider
- If this is the approach - how do the Underlying service providers react to this?
3. Not sure if there is another option?
Any input and advice is welcome
Appreciate it
Cheers, John