Welcome back! Here’s the final post in the three-part blog series, outlining how you can use LinkSquares to improve your contract management and your cybersecurity posture. If you missed parts one and two, start here.
Here are our final tips. These are related Smart Values that go beyond CISA’s advisory but, nonetheless, address contractual entitlements relevant to your cybersecurity posture.
Customer Data Clause
This clause addresses how a vendor can use the data of yours that it has access to. For example: can the vendor aggregate your usage information with that of other customers and sell it to advertisers, or can it use your specific data to help advertisers target you? This clause is relevant to your security both because it may spell out what type of data a vendor is recording about your business and activities (i.e. how much data is at risk if the vendor is hacked) and because it may spell out who may gain access to that data besides the vendor (i.e. who else can put your data at risk).
Specific Smart Values are also available for those general policies.
Customer Data Consent Required
Must the vendor explicitly obtain consent to save and/or share your data with others?
Customer Data Instructions
Must the vendor obtain written consent to record, share, or sell your data? Are they obligated to share your data if you, the customer, request it? If there are hard terms around your consent, this clause will highlight those stipulations.
International Data Transfer Clause
International data transfer refers to whether your data can be transferred from the country where it is initially located to other countries. This is especially relevant if your data can be transferred to jurisdictions where government surveillance is more or less permissible or privacy protections are more or less robust.
International Data Transfer Consent Required
Does the vendor need your consent to transfer personal data to another country or governing jurisdiction?
Service Level Agreement
This clause dictates what level of performance a vendor must meet to comply with their contract. If an explicit data security clause is not in the contract, the relevant security stipulations may appear in this section. Two subordinate Smart Values are also available.
Service Level Agreement Credits
If a vendor fails to meet their service level commitments, what type of compensation are you entitled to? This tells you how much incentive the vendor has to keep their security promises.
Service Level Agreement Uptime Commitments
Uptime specifically refers to how many hours in a typical day, week, or month an online service should be accessible. Cyberattacks can cause service interruptions, so knowing what percent of the time a vendor commits to being online can illustrate their level of commitment to cybersecurity.
Access Control
Access Control refers to physical security and information security. It is the selective restriction of access that determines who is allowed to access and use company information and resources.
Third-Party Software
Third-party software is a computer program created or developed by a different company than the one that developed the computer's operating system. Open source software also falls within the bounds of the Third-Party Software Smart Value. Open source refers to computer software governed by a license that permits some form of free/open distribution to the public.
Conclusion: Contract Management is a Cybersecurity Requirement
Contract management is a cybersecurity requirement, period. If you hand off your critical business data to another organization or entity with regular access to your software and/or network, you need data security guarantees in writing. If one of your suppliers – especially a SaaS vendor – has lax security, both you and your own downstream customers are at risk.
LinkSquares puts you in control of your data security by not only exposing what is and isn’t guaranteed in your vendor agreements but also by empowering you to put contractual force behind your security preferences.
If you want to leverage the most advanced contract management suite to improve your cybersecurity posture, contact LinkSquares today.