The purpose of this control is for IllumiDesk to be very intentional about the data shared with any third parties. Every time we share IllumiDesk data (including customer data) with a third party we increase the attack surface of that data. Since we rely on a number of third party services, we will need to share certain data; performing the risk assessment referenced in this control ensures that we are following a formal process of evaluating the information security program of any third parties and only sharing appropriate data when there is a legitimate need.