Best Practices for Information Security and Data Protection from an Outsourcing Vendor