4-page information security policy on business relationships.
Information risk must be taken into account when exchanging information with third-parties in either or both directions. The risk must be assessed and treated, normally through the use of suitable information security controls. Baseline information security controls may be sufficient to protect exchanges of general, relatively inconsequential information (such as many emails), perhaps even for small amounts of more significant information, but stronger controls are probably appropriate for the routine exchange of particularly valuable and/or sensitive information.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.