...
CloudCard shall not share or transmit Confidential data to a third-party without first performing proper due diligence which may include a third-party risk assessment and fully executing , a written contract, a statement of work, or service agreement which describes expected service levels and any specific information security requirements.
...