Data Governance & Contract Management: How you can build security into your contracts
Our Cybersecurity Webinar Series
To help you understand the cyber risk in your legal vendor portfolio:
• Week 1, July 8 – PRIVILEGED DATA: Understanding the cyber security challenges with your legal vendors
• Week 2, July 15 – CYBER SECURITY BENCHMARKING: What you need to know now, how to avoid risk
• Week 3, July 22 – LEGAL VENDOR CYBER RISK PROGRAM: How to deal with problems (and how to avoid them in the first place)
• Week 4, July 29 – DATA GOVERNANCE & CONTRACT MANAGEMENT: How you can build security into your contracts
Why / What / How
Introductions
• Tyler Marion, Managing Director, Duff & Phelps, Legal Management Consulting
• Derek Mihm, Senior Manager, Duff & Phelps, Legal Management Consulting
Our Work
• Contract Review
• Data Migration
• Drafting & Negotiation
• Contract Automation
• Database Oversight
• Contract Landscaping
Today’s Webinar Overview
In this webinar we will review:
• How to structure risk mitigation in your contracts: recommended clause types
• An overview of a typical, proactive data security risk mitigation workflow for contracting
• Methods to retrospectively mitigate data security risk in existing relationships’ contracts
STRUCTURING RISK MITIGATION IN CONTRACT LANGUAGE
Precautionary Clauses
Proactive Language to Ensure Security Measures Exist
• Required Precautions
  ‒ Level of Security Required
  ‒ Restrictions on Storage
  ‒ Access Limitations
  ‒ Update Requirements
Incident Response Clauses
Language to Ensure Breaches are Handled Appropriately
• Breach Procedures
  ‒ Incident Response Plans
  ‒ Notification Requirements
    • Timing
    • Contents
  ‒ Indemnification/Reimbursement
INCLUDING RISK MITIGATION LANGUAGE IN YOUR CONTRACTS
Current Standard Infosec Model
How do you choose the right terms for your engagement?
Most standard information security procedures follow some form of the above process, with variations introduced based on the unique needs of the organization in question.
Matching your Risk to your Language
• Employ questionnaires to systematically identify risk covering a variety of technical and physical attack vectors
• Develop a matrix with axes based on the sensitivity of the data and the quality of the security the vendor has in place
• Draft Security Addenda with the least restrictive language sufficient to address the various points on the matrix

Rider matrix (rows: SENSITIVITY OF DATA; columns: QUALITY OF SECURITY)

                 Low        Medium     High
Low              Rider B    Rider A    Rider A
Medium           Rider D    Rider C    Rider A
High             Rider F    Rider E    Rider C
Pitfalls in Procurement
Potential Solutions to Reduce Time-to-Execution
• Information Security Reviews can be time-consuming, but there are ways to expedite vendor onboarding:
  ‒ Provide the option for a vendor to voluntarily adopt the most stringent addenda
  ‒ Engage a third-party risk assessment vendor to provide faster recommendations
CONTRACT LANDSCAPING: How to Use AI to Mitigate Risk in Existing Relationships
Controlling for Risk in Existing Contracts
• Existing Agreements or Rogue Contractors
• Acquired Contracts
• Changes in Scope
Artificial Intelligence and Contracts
How to use Current-State AI as a Risk Identification Tool
• What is the current state of commercially-available contract AI?
  ‒ Fuzzy Text Searching
  ‒ Pre-Trained Data Models
  ‒ Bespoke Training based on User Annotation
AI “Reading” Contracts – How is it done?
• Clause Extraction: Find the relevant language
• Point Extraction: Examine the clause to extract discrete data points
• Inferences: Use deductive reasoning and relationships between fields to intuit new data points
Contract Landscaping
Using AI-Generated Data to Identify Risky Relationships and Repair Them
The goal is to eliminate firms from a “risk list” by finding data security terms in contracts with those firms. Once all mitigated vendors are eliminated from the list, those that remain can be repapered with the appropriate security rider.
QUESTIONS / COMMENTS
Thank You
For more information please contact:
• Tyler Marion, Tyler.Marion@duffandphelps.com, M: +1 (206) 472-4934
• Derek Mihm, Derek.Mihm@duffandphelps.com, M: +1 (651) 393-4060
A DUFF & PHELPS PRODUCT