Risky Business: Five Considerations for Security in Vendor Contracting

Published On February 26, 2018 | By Marci Rozen, Allison Bender and Jason Wool | Data Security, Practical Advice
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

Selecting appropriate contract clauses is a key strategy for managing security risks with vendors. Security provisions in vendor contracts should be tailored to the risks posed by the specific engagement, the supply chain for the required products or services, and each vendor’s security program. Below are five topics to consider when drafting these agreements. Hover over the text boxes to see what questions and factors to keep in mind.

About The Authors

Marci counsels companies on a wide variety of issues involving privacy, cybersecurity, and information law. She routinely helps companies evaluate and develop corporate privacy and information security programs, and provides advice on matters involving cross-border data transfers, insider threat prevention and detection, cloud computing, and electronic surveillance. Marci also assist clients in responding to data breaches, including issuing breach notifications required under state and federal breach notification laws, advising on remediation efforts, and handling litigation and enforcement actions arising from data security incidents.

Allison Bender counsels Fortune 50 companies and startups in a range of industries on cybersecurity and privacy matters in the U.S. and internationally. Drawing from her roots in government, national security, and R&D, she helps clients navigate legal issues associated with emerging technologies and aids clients in strategically managing legal, financial, and reputational cybersecurity risks.

Jason Wool’s practice focuses on cybersecurity, including cyber risk management, incident response, and compliance with global data protection laws, regulations, and standards, including the PCI-DSS. He has advised organizations ranging from small businesses to Fortune 500 companies during complex, privileged computer crime investigations; provided ongoing advice on the development of cybersecurity programs and cybersecurity governance structures; conducted tabletop exercises and other data breach simulations; and assisted clients with large scale audits to determine compliance with complex cybersecurity standards.

Leave a Reply

Your email address will not be published. Required fields are marked *