Mechanisms exist to prohibit external parties, systems and services from storing, processing and transmitting data unless authorized individuals first: ? Verifying the implementation of required security controls; or ? Retaining a processing agreement with the entity hosting the external systems or service.