Big company agreements for the inbound procurement of stuff

08 Sep 18 1244
Big companies have procurement departments that use supplier contracts that contain clauses like this (from an actual big company supplier agreement (presented as "non-negotiable") for the purchase of off-site services, and one that already imposes robust confidentiality obligations on the supplier):

Supplier will: (a) designate one employee to be in charge of Supplier’s information security program; (b) maintain adequate physical security of all premises in which BIGCO Information will be processed and/or stored including that physical media containing such records is stored in locked facilities, storage areas or containers; (c) implement reasonable precautions with respect to the employment of, and access given to, Supplier personnel and contractors, including background checks; screening; security clearances that assign specific access privileges to individuals; training and security awareness programs for personnel and contractors; monitoring personnel and contractor compliance with policies and procedures; imposing disciplinary measures for violations of such policies and procedures; preventing terminated personnel and contractors from accessing systems or records containing BIGCO Information; and prohibiting Supplier personnel and contractors from bringing, transporting or transmitting BIGCO Information to their homes, or personal computers, e-mail accounts, devices or media; (d) impose reasonable restrictions on access to records containing BIGCO Information, such that BIGCO Information is only accessible to Supplier personnel and contractors on a need-to-know basis; (e) encrypt BIGCO Information with industry best practice encryption levels at all times while in transit over a public network or wireless network, while stored on a laptop or portable storage media or while stored on computing equipment that is connected to the Internet; (f) upon deletion of electronic BIGCO Information, at a minimum, ensure that computers and other media which may contain any BIGCO Information be overwritten with at least a single-string “wipe”; that offline queue computers’ memory that may contain any BIGCO Information be overwritten with, at a minimum, the number of strings of code as specified in the then-current U.S. Department of Defense standard for deletion of electronic information; and that any other computers or media on which any BIGCO Information may be contained be overwritten in a manner appropriate to the circumstances (but in no event less than a single-string wipe); and (g) adopt up-to-date and leading edge technologies in consultation with, or otherwise at the request of, BIGCO for the safe, secure and accurate collection, processing, storage and distribution of BIGCO Information.

If there's a breach of confidentiality, the supplier is liable. If there's not a breach of confidentiality, then none of the above matters.
Query Thread Page

On this page you can:
 
  • subscribe to this query
    By subscribing, you will receive email (as frequently as you specify) of new activity in this query.
  • vote up or vote down queries and replies
    Voting is a generalized proxy for your assessment of the worth, quality, articulation, etc of a query or reply. Voting up a reply or query increases the reply/query author's mojo by one. After you vote, you have five minutes to undo it.
  • reply to the query or add a comment to the query or any reply
    A reply is a serious substantive response, worthy of addition to the knowledge being recorded for all of us here. Comments, simply, are for responses that are not replies (questions, clarifications, caveats, etc). You must scroll all the way down to add a reply; might as well read all of the replies on the way down. If you would like to include with your reply new legal text for others to edit, feel free to add a clause. Adding a reply gives you one mojo.
  • edit a clause (quick-reply)
    If you want to quickly add a reply that is an edit of another member's legal text, click the edit clause link on the clause you wish to edit, and you will be taken to the bottom of the page, with the text of the clause ready for your edits.
  • select best reply (if you are the author of the query)
    If you authored this query, be sure to select the reply that you believe is the best (and consider explaining why you selected this reply as best in a comment to that reply). You receive one mojo for doing so. The author of the reply you select as best will receive four mojo or the bounty award you posted for this query. You can change your mind as many times as you want. If you de-select a best reply, the reply author loses two mojo or the bounty mojo awarded, and you lose one mojo.
  • edit/update or delete query (if you are the query author)
    If you authored this query, you may edit it at any time, and delete it before a reply has been posted to it. Clauses may be edited only if no other member has redlined that clause. You may also add a bounty award or increase already-posted bounty, at any time (even after a reply has been posted).
  • flag (ie complain about) a query, reply or comment
    Use as sparingly as appropriate given the circumstances.
  • quiver and favorite
    You may add/remove this query to/from your favorites, and add/remove clauses in this query to/from your quiver. If you are a guild moderator, you can similarly add/remove this query to/from guild favorites, and add/remove clauses here to/from your guild quiver.

A friendly reminder: be excellent to each other and remember the human.

FAQs | How do I ...?
What are subscriptions?
Redline allows you to subscribe to queries (so that you can be alerted to new replies and comments that are posted to those queries), members (so that you can know of new queries posted by that member) and guilds (so that you can track new queries posted with tags of guilds you follow). With subscriptions, you are notified via email, and on the Home (Your Notifications) page, of new activity corresponding to your subscriptions. Via the Settings/Subscriptions page, you can manage your subscriptions, including altering the timing of notification emails.