Cybersecurity Considerations: IT Contracts

Summary

This practice note sets out considerations relating to cybersecurity when drafting and negotiating IT contracts. More specifically, it discusses the importance of cybersecurity in IT contracts and obligations under privacy law. It also discusses risk management, including analysis of assessment of risks and options for mitigation, including the use of security policies, human resources security, physical and technical security, and incident management procedures. It also explains supplier audits where a third party hosts the IT processing, one technique for which is to contract for audit rights, discusses the associated challenges, and sets out clause samples.