Buyers increasingly need to consider the challenges in preventing information security breaches. As highlighted by the recent case of Edward Snowden, who in working for a supplier to the NSA became aware of confidential information, businesses need to ensure that their security and information controls are effective on supply contracts.
It’s okay, we have a contract – or do we?
Even though contracts are essential for securing information and keeping the control over your businesses, contracts should not be seen as all-encompassing safety nets. Nor do contracts automatically cater for all the specifics of a given situation; the confidentiality clause may not fit the purpose, the contract might be out of date, there might be a lack of scale and scope to suit all scenarios, and the confidentiality provision may fail to survive the contract.
Is the supplier’s staff subject to the same confidentiality provisions as the client’s staff?
Procurement can help their other colleagues to mitigate the confidentiality challenges by asking the right questions from suppliers in negotiations, including understanding what they will do with data and other information provided during and after the contract. In some cases, suppliers are also given specific training to make them aware of appropriate behaviour.
External staff’s access to information
Even though it is often expedient to have the supplier’s staff working on-site, it may not, however, always be the best safeguard against confidentiality. External staff can occasionally come across sensitive information -such as business strategies, finances or sales plans – which, if leaked, creates risks.
Procurement’s role in safeguarding information
All supplier engagements have some degree of risk – whether it is operational, technical, commercial or legal – and thus, a scaled approach is needed. 4C advises buyers taking each case on its merits and agreeing an appropriate security approach. As we have discussed, merely havinga contract does not mean preventing the risks.