1. Indemnification provisions that deal at length with data security breaches. If the company gets third party claims, they will want you to pay their losses. The company may ask you to defend them for losses they suffered because of negligence or intentional acts of your vendors and subcontractors.
2. Limitation of damage provisions may not apply to data security breaches (or such provision is totally eliminated).
3. Warranties by your company as to data integrity, monitoring and security (translated you promise to keep our data secure and we can sue you if you breach that promise). Related requirement for paying for offsite backups and/or total liability for loss of data.
4. Expanded data rights on part of your big company customer as to access and your responsibilities should suit be filed or law enforcement wants information. Expanded responsibilities of your company as to data preservation, security, destruction and accessibility of records after your contract is terminated.
5. Restrictions on location of data and required approval for cross border location and/or export of data.
6. Increased audit rights by your customer as to reports and actions your company takes to prevent vulnerabilities and comply with security requirements.
7. Levels of service, minimum response times, detailed disaster management and business continuity plans required of your company. And detailed requirements for remotely transferring data upon termination.
What do you do if confronted with these contract terms?
If these terms may be relevant and cannot be deleted or modified, find out who pays for what. The cost of a security compliance audit alone could be significant. Try to factor these cyber security costs, including any insurance if it’s even affordable or sufficient, into your pricing.
And will this customer be with you long enough to ensure you can recoup significant security compliance outlays? Many large company contracts have termination for convenience provisions; there is no guarantee of continued business.
Contracts are all about risk allocation. With increased cyber security costs being passed onto vendors, you need to make sure the contract rates and terms make these contracts even doable for your company.
Call or email us for help with your cyber security contract issues.