While companies may do an effective job of their cyber security and data protection, the focus on protecting a company’s borders is no longer adequate. CISO’s must expand focus to include the cyber security & data protection programs of third party providers. We will discuss the challenge of assessing the adequacy of data and cyber security protections provided by third party service providers.