Establishing a comprehensive written information security plan that addresses key management, cloud data security and the interplay of encryption with other security tools is necessary for proper data security. Legal and compliance personnel must work closely with the technology team to develop policies and procedures, as well as to manage the data security of third-party service providers with which they contract. This article, the third in a three-part series, evaluates the policies and procedures a manager should enact; the role of legal and compliance personnel; and the management of third parties with respect to data security. The first article discussed the basics of encryption, when it should be used and challenges with implementing it. The second article analyzed the legal and regulatory framework surrounding encryption, including various federal and state laws. See our two-part series “The Challenges and Benefits of Multi-Factor Authentication in the Financial Sector”: Part One (Nov. 2, 2017); and Part Two (Nov. 9, 2017).