With the exponential growth of cyber threats, cloud computing and remote working, contract provisions regarding data security requirements have also expanded in size and frequency. It has become common practice to prepare schedules to detail (and limit) security requirements. Customers and vendors both have a vested interest in clearly identifying expectations and obligations for such requirements. In this week’s Contract Corner, we explore considerations when it comes to drafting security schedules.
PROTECTING CUSTOMER DATA
Customers entrusting sensitive and confidential data and information to their vendors will want stringent data security requirements to ensure that such information remains protected. Typical requirements include the following:
- Current Security Controls. Security devices and processes are rapidly improving in response to ransomware and other cyber threats. Customers will look to their vendors to maintain state-of-the-art security protections for their data, including detailing such protections in an original schedule and providing updates on future improvements.
- Breach Response. To comply with data breach laws and regulatory requirements,…
