Respond to the following in a minimum of 200 words: 

Just a few years ago, all IT processing took place in-house. Payroll processing, human resources and benefits management, real estate management, and investor relations were done by employees within the parent organization. Even in the home environment, families kept information activities in-house, including annual tax returns and banking (through the writing of paper checks) and disagreements or issues with vendors was taken care of personally.

Now we have online resources that push some of that overhead to external vendors. Examples include organizations that will process payroll and benefits administration, as well as stock brokerages that address investor traffic. Working with vendors brings up a few concerns. 

Discuss the following: 

• Why is due diligence necessary when dealing with external vendors? 
• What is one suggestion you have regarding securing data as it is in-transit to and from these vendors? 
• What are two security protocols that should be part of the vendor's data operations? For example, if the data includes PII/SPII information, is adherence to external regulations and guidelines the responsibility of the vendor or your organization? 

 Reference