Contractor Relationships are Important – You’re Lending Them More than just Your Reputation…
Having good contractors for a municipality (or business) is important. Honestly, even if you aren’t a municipality and if you’re subcontracting work out to anyone, having good contractors is king.
Being a “good contractor” probably has different meanings to different people.
For some, it might mean they are inexpensive.
For others, it could mean they don’t require much instruction/hand-holding to get the job done.
When I think about a good contractor, there’s a phrase that springs to mind: “Regulatory Compliance.”
When a contractor performs work for any type of organization, they’re acting as an extension of that outfit. This means that they are required to conform to all the very same regulatory restrictions that you’re under (within reason, of course).
So, what does this mean?
Well, for example, if you accept payment cards, this means your organization is required to conform to PCI-DSS regulations.
It also means that your contractors are required to conform to PCI-DSS regulations (at least when they, or their equipment, interact with your organization).
The same can be said of regulations like FOIP or PIPA/PIPEDA. If the regulations apply to you, then they may apply to your contractors (again, it depends on exactly how they interact with your organization and its systems).
I’m sure it comes as no great surprise when I say that the actions of a contractor reflect on the company that hired them. It’s pretty much the same idea when it comes to regulatory compliance.
Much the same principle applies to the requirement around personal information: “Implied consent is not good enough.” This doesn’t mean you need to strictly police your contractors (if you need to do that, you should probably look for alternatives). It means that you need to tell them about the requirements.
That doesn’t mean you need to hold their hand and explain it to them. This is the business world, which means they can find out the details on their own. At the same time, the exact rules they need to follow may not be straightforward, so it’s in your best interest to provide them with some degree of instruction and framework, as well as a little bit of direction.
The reason for this is quite simple: You can be held responsible for your contractors’ actions. This means that if you are required to act according to some regulations, and your contractor doesn’t and gets caught, you can be held accountable in a court of law.
Just as you are required to tell your employees that they need to adhere to certain rules of behaviour (either due to company policy or regulatory requirements), you are also required to tell your contractors if there are certain rules they need to follow. Just as with employees, it’s not beyond your authority to impose restrictions on contractor behaviour. Obviously, those limits need to be in line with regulations; otherwise they are unreasonable. It’s a fine line, but one that needs to be remembered.
Considering the kinds of fines that can happen when PCI-DSS or FOIP regulations are violated, or privacy gets breached, it’s in your best interest to make sure your contractors are well informed.
If you have any questions about Contractor Compliance, you can reach out to your TRINUS Account Manager for some stress-free IT.
By kind courtesy of your Friendly Neighbourhood Cyberman.