Q. What are some terms to include in a contract with a cybersecurity service provider?
A. Guidance that the Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issued in April 2021 offers tips on terms to include in a contract with a cybersecurity service provider.
The DOL suggests including in the contract terms that would enhance cybersecurity protection, such as those concerning the following.
- Information Security Reporting. Require the service provider to obtain a third-party audit annually to determine compliance with information security policies and procedures.
- Clear Provisions on the Use and Sharing of Information and Confidentiality. Spell out the service provider’s obligation to keep private information private, prevent the use or disclosure of confidential information without written permission, and meet a strong standard of care to protect confidential information against unauthorized access, loss, disclosure, modification or misuse.
- Notification of Cybersecurity Breaches. Identify how quickly the service provider will provide notification of any cyber incident or data breach, and ensure the service provider’s cooperation to investigate and reasonably address its cause.
- Compliance with Laws Concerning Records Retention and Destruction, Privacy and Information Security. Specify the service provider’s obligations to meet all applicable federal, state and local laws, rules, regulations, directives and other governmental requirements pertaining to the privacy, confidentiality, or security of participants’ personal information.
- Insurance. Consider requiring insurance coverage such as professional liability and errors and omissions liability insurance, cyber liability and privacy breach insurance, and/or fidelity bond/blanket crime coverage.