Extract from Victoria Blake’s article “8 Security Questions to Ask Your Ediscovery Vendor”
Software vendors are not born into the world with highly mature and secure security systems and practices. Indeed, vendors are usually born into the world as a startup with a vision, and a short-timeline to making that vision a reality.
Vendors in early stages of their life will most likely have spent their time developing features and functionality rather than focusing on security systems, processes, and tooling. Security profiles are usually created as vendors mature in the market, and as vendors mature as software companies in their own right.
Look for providers who are eager to discuss their data security policies and practices at any stage of your evaluation. Transparency is key. A good vendor relationship is built on trust and on a mutual understanding of how each party will behave, both to protect your data in day-to-day operations as well as if a security incident occurs.