Integrating Information Security Protections In Supplier Agreements: Guidance for Business and Technology Counsel

Evaluating Data Security Risks During Due Diligence, Negotiating Contractual Protections, Monitoring Supplier Performance

Recording of a 90-minute CLE webinar with Q&A


Conducted on Tuesday, February 7, 2017

Recorded event now available

or call 1-800-926-7926
Program Materials

This CLE webinar will provide guidance to business and technology counsel for incorporating information security protocols into supplier contracts. The program will discuss due diligence strategies, specific clauses that should be included in agreements, and effective tactics for monitoring supplier performance and compliance with contractual terms and relevant privacy and security laws.

Description

Designing an information security protocol requires a unified approach comprised of strong security policies, ongoing employee education, effective technology systems (firewalls, encryption, etc.), continuous security audits, and well drafted contracts with business partners and other suppliers that specifically address information security. Any agreement that gives a third party access to a company’s network, facilities, data or confidential information should include ironclad information security protocols.

Incorporating information security into technology contracts involves three critical components: 1. internal and supplier due diligence; 2. contractual protections; and 3. information handling and security procedures and requirements, generally in the form of contract exhibits. Suppliers should be notified from the outset that the information they provide during information security due diligence will be relied upon during vendor selection and will become part of the contract.

When drafting supplier contracts, business and technology counsel should broadly define confidentiality to include all potentially confidential information. Contracts should limit the use of subcontractors, address personnel due diligence, and use warranties and indemnity provisions to limit risk. Where appropriate, specific information handling requirements should be attached as an exhibit to the contract.

Listen as our authoritative presenter explains best practices for integrating information security protections in the supplier contracting process. The presenter will discuss key provisions that should be included in supplier agreements and considerations for customers and vendors during due diligence, contract negotiations and post-execution.

READ MORE

Outline

  1. Overview
  2. Internal and vendor due diligence
  3. Contractual protections
  4. Information handling and security procedures and requirements

Benefits

The speaker will address these and other key issues:

  • What types of business information require security protection and why are contractual protections important?
  • What mistakes do businesses make when designing a comprehensive security protocol?
  • What issues should business counsel address during initial internal due diligence? What should be addressed in supplier due diligence?
  • What key contractual protections should be included in supplier agreements?
  • What issues should business counsel anticipate when negotiating with suppliers?

Faculty

Karlyn, Matt
Matthew A. Karlyn

Partner
Foley & Lardner

Mr. Karlyn has extensive experience with transactions relating to outsourcing and information technology, including IT...  |  Read More

Other Formats
— Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include program handouts. To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video

$297

Download

$297