Reviewing Vendor Contracts: An Information Security Perspective

A contract is an agreement between a buyer and seller to deliver a product or service. It can contain many terms and conditions to attain that goal. These terms and conditions should be reviewed to ensure the seller, and sometimes buyer, have sufficient processes to assure the confidentiality, integrity, and availability of data.

When tasked with reviewing contacts from an Information Security perspective there are a few key things to look for.

1. Applicable Laws
2. Information Security Best Practices
3. Incident Handling