Snowden and third-party outsourcing

The September/October issue of the in-house newsletter of the International Association for Contract and Commercial Management (IACCM) deals with some weighty issues.

Photo Credit: Mizrak via Compfight cc
Photo Credit: Mizrak via Compfight cc

An entire issue is devoted to the topic of ethics and the moral dimensions of contract and commercial management. It’s an unusual topic, but of course it is bound to garner a good deal of interest.

The issue’s topics and articles are definitely skewed more toward the “Commercial Management” portion of the IACCM’s realm of interest – and even more toward sales-side/related issues.

So the ethics articles’ applicability to all things contract management is a bit limited – but we were happy to see some articles addressing a related topic. Specifically, that’s NSA-contractor-turned-leaker Edward Snowden.

A pair of articles deal with remedies to what is in essence a very real problem for all companies that outsource sensitive work: how do you really prevent data breaches of all kinds – especially when dealing with third-party vendors? Anyone involved in outsourcing services has certainly wondered about this.

In the first of the pair of articles, MacDonnell Ulsch, CEO and Chief Analyst at Boston, MA-based ZeroPoint Risk Research, tackles vetting third party vendors. This is an interesting topic and Ulsch’s list of 10 “considerations” is illuminating. Consider it a roadmap for vetting the people who are doing the vetting.

The second article by Edward Willey III, a transactional attorney and contract management professional based in Dallas, Texas, looks at the issue from a different viewpoint. Willey focuses on process controls and info security standards in contracts. On the former topic Willey admits there’s no easy solution – and reaches the same conclusion on the latter. Still, the article is worth the read and features some interesting links.

Third-party risks of all kinds can be grouped under the general topic of “risk management.” As we’ve noted in prior blogs, some vertical industries are keenly aware of third-party risk (such as banks and credit unions).

One thing is clear, however. Scrutiny on managing contracts of all sorts when contractors deal with sensitive information is a good idea. After all, if your company is outsourcing to a third-party vendor to complete work for a client, it’s your company’s reputation that’s on the line, ultimately. And of course, that process first starts with a good contract management solution.