Of course, it's not just about the risks. Safe B2B e-commerce carrieshuge business benefits too. In fact, companies can market the securityof their B2B programs to enhance customer confidence and thus attractadditional partners. Safer B2B practices also protect against glitchesand outages, preserving the critical just-in-time nature ofe-commerce, which keeps the revenue flowing.

With so much to lose and to gain, every company should establish a setof security expectations for its B2B partners, drawing from the listthat follows. In addition, take heed of the strategies to counterresistance and enforce compliance since you will be dealing withcompanies that aren't under your control.

Requirements and Expectations

A Documented Security Policy
Security experts say every company should demand to see its B2Bpartners' written security policy. Lee Holcomb, CIO of NASA inWashington, D.C., says that is something he's strict about because heuses online connections to post competition opportunities and payaerospace vendors and contractors. He expects policies to includefirewall maintenance and patch-service provisions and to provide forvulnerability assessment and intrusion detection, as well as atraining program for systems administrators who would have access tosensitive information. "We're dealing with astronauts or pilots inspace," says Holcomb. "Security and safety are synonymous."

The Federal Reserve typically asks for a written description of apartner's security organization, including its rules andresponsibilities and where the security function reports. "If securityis buried in the technical bowels of an organization, it's probablynot having significant influence on senior management," Wadesays.