SLIDE 1

Data Governance & Contract Management: How you can build security into your contracts

SLIDE 2

Our Cybersecurity Webinar Series

To help you understand the cyber risk in your legal vendor portfolio:

  • Week 1 (8 July): PRIVILEGED DATA: Understanding the cyber security challenges with your legal vendors
  • Week 2 (15 July): CYBER SECURITY BENCHMARKING: What you need to know now, how to avoid risk
  • Week 3 (22 July): LEGAL VENDOR CYBER RISK PROGRAM: How to deal with problems (and how to avoid them in the first place)
  • Week 4 (29 July): DATA GOVERNANCE & CONTRACT MANAGEMENT: How you can build security into your contracts

Why What How

SLIDE 3

Introductions

  • Tyler Marion, Managing Director, Duff & Phelps, Legal Management Consulting
  • Derek Mihm, Senior Manager, Duff & Phelps, Legal Management Consulting

SLIDE 4

Our Work

  • Contract Landscaping
  • Contract Automation
  • Database Oversight
  • Data Migration
  • Drafting & Negotiation
  • Contract Review

SLIDE 5

Today’s Webinar

Overview

In this webinar we will review:

  • How to structure risk mitigation in your contracts: recommended clause types
  • An overview of a typical, proactive data security risk mitigation workflow for contracting
  • Methods to retrospectively mitigate data security risk in existing relationships’ contracts

SLIDE 6

STRUCTURING RISK MITIGATION IN CONTRACT LANGUAGE

SLIDE 7

Precautionary Clauses

Proactive Language to Ensure Security Measures Exist

  • Required Precautions
    ‒ Level of Security Required
    ‒ Restrictions on Storage
    ‒ Access Limitations
    ‒ Update Requirements

SLIDE 8

Incident Response Clauses

Language to Ensure Breaches are Handled Appropriately

  • Breach Procedures
    ‒ Incident Response Plans
    ‒ Notification Requirements
        • Timing
        • Contents
    ‒ Indemnification/Reimbursement

SLIDE 9

INCLUDING RISK MITIGATION LANGUAGE IN YOUR CONTRACTS

SLIDE 10

Current Standard Infosec Model

How do you choose the right terms for your engagement?

Most standard information security procedures follow some form of the above process, with variations introduced based on the unique needs of the organization in question.

SLIDE 11

Matching your Risk to your Language

  • Employ questionnaires to systematically identify risk covering a variety of technical and physical attack vectors
  • Develop a matrix with axes based on the sensitivity of the data and the quality of the security the vendor has in place
  • Draft Security Addenda with the least restrictive language sufficient to address the various points on the matrix

                         QUALITY OF SECURITY
SENSITIVITY OF DATA      Low        Medium     High
Low                      Rider B    Rider A    Rider A
Medium                   Rider D    Rider C    Rider A
High                     Rider F    Rider E    Rider C

SLIDE 12

Pitfalls in Procurement

Potential Solutions to Reduce Time-to-Execution

  • Information Security Reviews can be time consuming, but there are ways to expedite vendor onboarding:
    ‒ Provide the option for a vendor to voluntarily adopt the most stringent addenda
    ‒ Engage a third party risk assessment vendor to provide faster recommendations

SLIDE 13

CONTRACT LANDSCAPING: How to Use AI to Mitigate Risk in Existing Relationships

SLIDE 14

Controlling for Risk in Existing Contracts

  • Existing Agreements or Rogue Contractors
  • Acquired Contracts
  • Changes in Scope

SLIDE 15

Artificial Intelligence and Contracts

How to use Current-State AI as a Risk Identification Tool

  • What is the current state of commercially-available contract AI?
    ‒ Fuzzy Text Searching
    ‒ Pre-Trained Data Models
    ‒ Bespoke Training based on User Annotation

SLIDE 16

AI “Reading” Contracts – How is it done?

  • Clause Extraction: Find the relevant language
  • Point Extraction: Examine the clause to extract discrete data points
  • Inferences: Use deductive reasoning and relationships between fields to intuit new data points

SLIDE 17

Contract Landscaping

Using AI-Generated Data to Identify Risky Relationships and Repair Them

The goal is to eliminate firms from a “risk list” by finding data security terms in contracts with those firms. Once all mitigated vendors are eliminated from the list, those that remain can be repapered with the appropriate security rider.
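The landscaping pass described on slides 16 and 17, as an added example that is not part of the original deck or any Duff & Phelps tooling: fuzzy clause extraction, point extraction of the breach-notice deadline, and elimination from the risk list. Python's `difflib` stands in for a commercial fuzzy search; the seed phrases, firm names, contract excerpts and the 0.85 threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Seed phrases for data security terms (constructed for this example).
SEEDS = {
    "breach_notice": "notify client of any security breach",
    "ir_plan": "maintain an incident response plan",
    "encryption": "encrypt client data at rest and in transit",
}

# Constructed contract excerpts; the firm names are hypothetical.
CONTRACTS = {
    "Firm A": "Vendor shall notifiy Client of any Security Breach within 3 days. "
              "Vendor shall maintain an incident-response plan.",
    "Firm B": "Fees are payable within 30 days of invoice. "
              "Either party may terminate on written notice.",
    "Firm C": "Vendor will encrypt Client Data at rest and in transit.",
}

def words(text):
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).split()

def fuzzy_hit(sentence, phrase, threshold=0.85):
    """Slide a phrase-sized word window over the sentence so typos still match."""
    sent, target = words(sentence), words(phrase)
    for i in range(max(1, len(sent) - len(target) + 1)):
        window = " ".join(sent[i:i + len(target)])
        if SequenceMatcher(None, window, " ".join(target)).ratio() >= threshold:
            return True
    return False

def read_contract(text):
    """Clause extraction, then point extraction on the breach-notice clause only."""
    found = {}
    for sentence in re.split(r"(?<=[.;])\s+", text):
        for label, phrase in SEEDS.items():
            if fuzzy_hit(sentence, phrase):
                found[label] = sentence
    points = {}
    m = re.search(r"within\s+(\d+)\s+(hour|day)s?", found.get("breach_notice", ""), re.I)
    if m:  # inference: normalise the deadline to hours so vendors are comparable
        points["notice_hours"] = int(m.group(1)) * (24 if m.group(2).lower() == "day" else 1)
    return found, points

def landscape(risk_list, contracts):
    """Drop vendors whose contract has any security term; the rest need a rider."""
    results = {v: read_contract(contracts.get(v, "")) for v in risk_list}
    remaining = [v for v in risk_list if not results[v][0]]
    return remaining, results
```

Because the deadline is read only from the extracted breach-notice clause, Firm B's "within 30 days" payment term is not mistaken for a notification deadline, and Firm B is the only vendor left on the risk list.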

SLIDE 18

QUESTIONS / COMMENTS

SLIDE 19

A DUFF & PHELPS PRODUCT

Thank You

For more information please contact:

Tyler Marion
Tyler.Marion@duffandphelps.com
M: +1 (206) 472-4934

Derek Mihm
Derek.Mihm@duffandphelps.com
M: +1 (651) 393-4060