Protecting Contract Data from Security Breaches

By David Parks, Director of Product Marketing, Contract Logix

This year has already been another tough one for data breaches around the globe. There was the Bulgarian revenue agency hack that compromised over 5 million records, the Facebook 3rd party dataset issue involving over 540 million records, the FEMA PII incident that breached the personal information of 2.5 million disaster victims, and the Oregon Dept. of Human Services incident that exposed over 2 million emails containing SSNs and other sensitive information, just to name a few.

It seems the probability of data breaches increases each year. And with new government regulations and penalties constantly emerging – and for good reason – the consequences are rising as well.


At Contract Logix we take protecting contract data from breaches extremely seriously. After all, your contractual agreements with customers, suppliers, and other counterparties contain some of your most sensitive and business-critical information. If it falls into the wrong hands, the financial, legal, and brand consequences can be devastating.

In fact, one of the main drivers we hear from prospects for adopting contract management software is the desire to increase security and compliance to reduce risk. It’s very hard to regulate access to contractual information when using old-school filing cabinets, shared folders like Box or SharePoint, and spreadsheets. On the flipside, it’s a piece of cake to do it with contract software thanks to sophisticated yet easy-to-use role-based permissions functionality. Check out this article for some best practices on how to do that.

But in addition to solving the internal access and security issue, you also want to make sure that your data is protected in other ways from external threats. Here’s a list of some of the most important measures we’ve taken with our contract management software and business processes to keep your contracts and related data safe and sound so that your organization doesn’t end up on someone’s list of data breaches.

For more detail on each one, please visit our dedicated Data Privacy and Security Standards page.

  1. Separation of customer data – co-mingling of data isn’t good and we don’t do it.
  2. Data encryption at rest and in transit – whether your data is in the cloud or on its way to it, we automatically encrypt it using the best standards.
  3. Azure key vault encryption management – it’s important to keep the keys to unlock encrypted data safe. See Microsoft Azure’s site for more detail on this one.
  4. Disaster recovery – if a hacker or natural event takes down a data center, you don’t lose access to your data or service.
  5. Regulated access control and user authentication – I talked about this one above with the role-based permissions. Bottom line is you want granular control of who has access to what.
  6. Employee background verification and training – Even though we never touch your data, every Contract Logix employee goes through an extensive background check and must take and pass ongoing security, regulatory, and compliance training.
  7. Data retention, archival, and restore – we follow industry-leading practices to ensure data is properly deleted, archived, and maintained.
  8. Industry and 3rd party testing and assessment – we take a security-first approach with our software and use third parties to certify and monitor that promise.
  9. Password policy management – yes, we know that changing passwords and getting locked out when you forget yours can be a pain but it’s a necessary evil and we do it.
  10. Data privacy – Not only do we comply with Privacy Shield; we have NO direct access to your data.
  11. Physical and environmental controls – our SaaS platform is hosted in the Microsoft Azure cloud which meets and exceeds the toughest security requirements.

Takeaway

Ensuring data security is a serious matter. That seriousness is compounded when dealing with legally binding information like the kind found in your contracts. Protecting contract data from breaches, disasters, or other internal and external events is an absolute top priority at Contract Logix. That’s why our contract management software is trusted by hundreds of security-conscious companies to manage and protect their sensitive contract data.