In any instance in which your data may reside on a vendor\u2019s systems (e.g., cloud engagements, hardware rental engagements, etc.), it is critical to ensure that your data is securely removed from those systems (i) when the agreement terminates and (ii) when any of the systems may be taken out of service, including for maintenance by a third party. \u00a0\tConsider the following real-world example: \u00a0a vendor was engaged to provide desktop refresh services for a large organization. \u00a0During the course of those services, the vendor replaced desktop computers with updated machines throughout the customer\u2019s organization. \u00a0The agreement specifically required the vendor to securely delete all data from the replaced computers prior to removing them from the customer\u2019s facilities. \u00a0In fact, this was not done. \u00a0Worse yet, it appears some of the replaced computers were sold on the open market to third parties without proper erasure of sensitive data. \u00a0\tEnsuring data is protected when a contract ends or when hardware is sent out for servicing is a key information security measure. \u00a0This means doing two things. \u00a0First, requiring specific language regarding secure erasure be added to relevant contracts. \u00a0Second, following up with the vendor to ensure those requirements are, in fact, carried out.