Vol. 41, No. 3

New checklist from ABA Cybersecurity Legal Task Force aims to make vendor partnerships safer

by Marilyn Cavicchia

Imagine this: Your bar association is excited to partner with a new vendor. Its products or services are exactly what’s needed to keep the bar’s operations running smoothly or to help your members in their practice.

The introduction is a big splash, everyone is happy … and then the vendor calls. There’s been a data breach. It involves your data. And the truth is, it could just as easily be you having to make that difficult phone call because something on your end has put the vendor at risk.

The ABA Cybersecurity Legal Task Force recently released its Vendor Contracting Project: Cybersecurity Checklist to help avoid this and other nightmare scenarios that could occur anytime you—or your members and/or their law firms—do business with an outside partner.

Here are just a few of the questions that the checklist indicates are critically important when considering any such partnership:

  • Who will produce the product or perform the service and, thereby, have access to the purchaser’s information or systems?
  • How will the contracting parties interact and share and manage information? Will the vendor have direct access to the purchaser’s systems for any reason, including maintenance and support?
  • What records, data, information, and analytics will the vendor create during the term of the contract, and who will own them?

The task force notes that cybersecurity isn’t one size fits all, and that you may wish to adapt the checklist to suit your own regulatory requirements and business needs. Its members are excited to offer this new tool to state, local, and specialty bar organizations and welcome your feedback via email to staff person Kelly Russo.