Negotiating the right provisions in your contracts is one of the most important things you can do to mitigate and manage risks in your vendor relationships. Here are nine provisions you want to make sure you address in your vendor contracts.
1. Business Continuity and Disaster Recovery – Covers what happens in the event of a service interruption. Should include the right to test a vendor’s business continuity plans.
2. Data Ownership and Transfer – Identifies who owns the data that is collected and/or stored, and the process to be followed in getting that data back when you want it.
3. Indemnity and Liability – Allows for relief in the event a vendor does something wrong or fails to perform, and sets the limits around losses incurred as a result of a vendor failure.
4. Information Security and Privacy – Different from data ownership, it restricts the use of the data by permitting the vendor to use data only as required to perform the services.
5. Right to Audit – Provides the ability for you to audit the vendor’s operations and records to ensure they are meeting contractual requirements, industry standards and/or compliance with laws and regulations.
6. Scope of Services – Defines the nature of the services/products, timing, delivery methods and location. You’d be surprised how often these are too vague to hold anyone actually accountable.
7. Service Level Agreements – Establishes agreed upon expectations for service levels the vendor must meet. These are common in technology and outsourcing contracts, and should address expectations for non-performance or breach, and penalties for both.
8. Subcontractor Relationships – Requires the identification of 4th parties the vendor may use, and how the vendor is going to monitor their compliance with applicable contractual agreements.
9. Termination Events – Defines what triggers termination, and the transition activities that must occur to affect an orderly transition.
Incorporating the right provisions into your contracts allows you to mitigate risk at the start of the relationship rather than trying to “put the toothpaste back in the tube” later on. It also allows you to balance the acceptance of risk and liability in your agreements that makes sense for both you and your vendors.
This blog is part of a series on vendor management best practices and insights shared at the 2018 Third Party Risk Management Summit. More than 150 vendor management professionals from some of the most leading edge companies gathered to discuss this growing business discipline.
Author: Tom Rogers
Job Title: CEO
Organization: Vendor Centric
Tom is the founder and CEO of Vendor Centric, he has been a trusted advisor to nonprofit organizations for 30 years, with a focus on helping them align the right people, processes and systems to mitigate third-party risk and drive more value from third-party contracts and relationships.