Posts in Breach of Contract

AICPA, best practices, BITS, cloud computing, COBIT, contracts, FIPS, information security, ISO 27001, ISO 27002, NIST, outsourcing, PCI DSS, SAS 70, SP 800-53, standards

Information Security Standards and Certifications in Contracting

By W. Scott Blackmer on May 26, 2010

It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.

compliance, contracting, contracts, privacy, risk management, Security

Contracting for Cloud Computing Services

By InfoLawGroup LLP on May 18, 2010

Nearly every day, businesses are entering into arrangements to save the enterprise what appear tobe significant sums on information technology infrastructure by placing corporate data ''in the cloud.'' Win-win, right? Not so fast. If it seems too good to be true, it probably is. Many of these deals are negotiated quickly, or not negotiated at all, due to the perceived cost savings. Indeed, many are closed not in a conference room with signature blocks, ceremony, and champagne, but in a basement office with the click of a mouse. Unfortunately, with that single click, organizations may be putting the security of their sensitive data (personal information, trade secrets, intellectual property, and more) at risk, and may be overlooking critical compliance requirements of privacy and data security law (not to mention additional regulations). My article "Contracting for Cloud Computing Services: Privacy and Data Security Considerations," published this week in BNA's Privacy & Security Law Report, explores a number of contractual provisions that organizations should consider in purchasing cloud services. You can read the full article here, reprinted with the permission of BNA.

agreements, breach notice, certification, compliance, confidentiality, contracts, incident response, indemnification, information security, insurance, liability, risk management, standards

Information Security Clauses and Certifications - Part 1

By W. Scott Blackmer on January 17, 2010

Service contracts that involve protected personal information should include provisions allocating responsibility for protecting that information and responding to security breaches. Increasingly, this means incorporating specific references to applicable laws and information security standards, and often certifications of conformance.