Data Processing / Cybersecurity / Data Privacy

IACCM Council Representatives
Network Leads

Data Processing / Cybersecurity / Data Privacy

We are pleased to have you on board of the Data Processing / Cybersecurity / Data Privacy Group on the IACCM portal, a space for discussion and knowledge sharing around the concepts of data processing, data privacy and cybersecurity in technology contracts.

This group welcomes contract professionals that want to share and/or build up their knowledge around the modern IT contracting and will focus on:

We welcome your suggestions and ideas on what we can put on this year’s agenda. Here’s what we have in mind as key points to start with:


Looking forward to hearing from you.


All the best,


Group Owner                                                      Network Lead

Pablo Cilota,                                              Daniela Badescu,

IACCM                                                        Oracle


Network Updates

10 Pitfalls to Avoid in Contracting

I note that the post is from November 2015. Would you say that the statistics for these 10 have remained the same in 2019? Is it possible to get more information about the survey that was conducted, where did the input come from? For example, what is the 9.2% financial benefit / Erosion based on?


IACCM 2019 Benchmark Report

More than 750 organizations participated in IACCM's latest study, which covers all the critical areas of organizational design and performance. Reporting lines, performance measures, role and responsibilities, headcount, sources of learning - these and more are covered with extensive data, analysis, and IACCM observations and commentary. When reviewing the findings, please remember that in many cases they may reflect an average. Where necessary, you may wish to contact us to obtain more precise data applicable to your industry or size of organization. Equally, you may wish to contact us about undertaking a process capability assessment and workshop to assist your improvement journey.



For Agreement between the Parties of differnet origin , the aurgument starts up on Jurisdiction and governing law for the AGreement. while both the Parties are interested in proposing law of their respective country to be made applicable to the AGreement, I want to know whether there is any list of prioritised or ranked Jurisdiction/ Govering law like World bank ranks each country a ranking for " ease in doing business" and almost 190 countrites are listed. For example, I propose indian law and other Party would prefer Laws of Singpore to be governing law. Can parties choose England and wales as nuetral or any other preferred law.


IACCM Member Meeting, Singapore

IACCM Member Meetings are a great opportunity for members, guests, and anyone in Procurement, Contracting, Legal, Sales and Commercial Management to network and hear the latest news from around the globe. On 21 August 2019, IACCM Director, Member Services and Business Operations, Asia Pacific, Jennifer Jarrard facilitated the IACCM Member Meeting in Singapore. This event was open to all IACCM members, member's guests, and anyone in the procurement, contracting, and commercial space, and was free to attend thanks to our hosts Eversheds Harry Elias LLP. Click below to download the following presentations:-


CLM experiences

My company is looking into a new CLM solution, and I'd love to hear from other companies what experiences they faced in the RFP/RFI phase or selecting a CLM vendor, implementation experiences, and post deployment user experiences. What went well and what didn't go well? Which specific areas did the CLM not meet your or your stakeholders expectations?


Webinar - 5 Reasons Companies Are Ditching Their Contract Management System

Contracting professionals are frustrated with failed contract management implementations or systems that cannot keep pace with the growth and demands of the organization. In this IACCM Webinar, we will discuss the top 5 reasons companies are looking to replace their existing contracting Software and switch to a Contract Lifecycle Management (CLM) solution that better meets their needs.


Ask The Expert: The Rise of The Contract Designer - Contract Simplification and Design Explained

I like the preventive attitude to make the contract process simple for both parties. Good continuous improvement design ideas to inspire us all to start looking at how we manage our own contracts.


8 payment schemes

Jacko mentions there are 8 different payment schemes - do we know which?


Document and Record Management: An Interesting Challenge to Contract Managers.

Greetings fellow members. I posted the below essay about Document and Record Management in the NCMA Forum, to which I am also a member as CPCM and CCCM. My initial thought is to share my opinion on the subject matter in this two forums, and then compile everybody's contributions in a revised version to be later shared among all of us. I hope the content is of your interest and add value to your roles. Best regards... ________ Document and Record Management: An Interesting Challenge to Contract Managers By Arnaldo Arcay, LL.M., CPCM, CCCM, and CCMAP https://www.linkedin.com/pulse/document-record-management-interesting-challenge-contract-arcay If there is something positive to extract from the corporate scandals that occurred during the first decade of 2000, is that today we have robust pillars (although no perfect ones) that support the corporate world in which business transactions are performed. The constant evolving audit and compliance regulations and industry standards are designed to avoid corporate collapses driven by fraud, corruption, and malpractice. What Contract Management is today has been driven by such need to regulate and make more transparent, efficient, and sustainable business transactions, resulting not only in protecting the interests of shareholders and stakeholders, but probably more importantly in protecting the interests of employees and their families. Therefore, contract managers play a fundamental role in today's corporate and government contracting behaviors, and this is the main reason why the profession is growing and becoming more competitive every year. Among the many functions and responsibilities contract managers have, there is one that is of sum importance and it is considered a challenge to many of us. Document and record management policies and procedures represent a challenge to contract managers, and one particular reason derives from the fact that document and record management within a company is usually controlled by many functions with direct influence in its performance: IT, compliance, audit, and legal. Well defined and practiced document and record management policies and procedures can make the difference in being considered a transparent company or not; in protecting the company from adverse results during external audits or scrutiny, litigation, or regulatory procedures. Every contract manager must be fully aware of the importance of performing best practices in regards to document management and record management, despite the fact that whether the product or service being provided or the company's activities are regulated or not. In the event a company has not well defined document and/or record management systems or procedures, a well prepared contract manager should always implement, at least, the minimum standard for both practices in order to protect the company and its shareholders, stockholders, management, and last, but not least important, its employees. Even if the contract manager is sure that the company, product or service do not fall under a regulated regime (always consult with legal), one never knows when it may enter in the spectrum of a regulated activity or may be part in the future of a major litigation or external audit (a governmental agency having interest in the company, contract, product, or service). Within our contract management world, there is nothing more regulated than contracting with the Government (let's not forget about the commercial nuclear industry and the financial arena). Therefore, extra care shall be implemented by contract managers in observing FAR's provisions in regards to Contractor Record Retention policies and procedures (FAR Subpart 4.7). Yet, contract managers dealing with government contracts must even pay extra attention to the terms of the contract dealing with additional record retention obligations, particularly those dealing with retention periods which may be found in different Subparts of the FAR, or they have been amended or updated by competent Government Agencies or imposed by other applicable laws. Even more complicated could be calculating retention periods, especially during contract performance within multiple fiscal years. So contract managers must apply maximum care and diligence while dealing with government contracts. As part of the ugly truth, some companies and their management are mainly focused in how to be more efficient and productive. They may care more about how to be able to quickly have access to a document and abstracting its content (document management), and forget or pay less attention to the importance of keeping records properly (records management). Understanding the difference between document management and record management is central, but even more important is to understand how both management practices should complement each other. In other words, if your company, product or service is non-regulated, you may want to have a document management system that incorporates certain record management practices. However, if your company, products or services operate in a regulated regime (particularly if your company deals with the Government), your document management system should be incorporated into your record management system (or at least be compatible or be able to interact); but your company must have record management policies and procedures. The differences between documents and records are very simple, but many of us mix them up. Documents ('written, printed, or electronic matter that provides information or evidence'. Documents include physical and electronic data that support the existence of a contract or transaction) represent, express and support your company's daily business operations. Documents continuously evolve; they may change during a particular period. Since the moment a need is identified and the solicitation phase has started, until the contract's close-out phase, the documentation of this particular transaction or contract has been constantly evolving. In contrast, records ('evidence about the past, especially an account of an act or occurrence kept in writing or some other permanent form') do not evolve, they are final and simply represent unaltered recordings of a transaction or contract. They represent or provide evidence of company's activities, commitments, decisions, and other management activities. Once we have understood the difference between documents and records, document management can be considered a systematic process to administer documents which enables them to be properly created (keeping all the different versions during the negotiation process, for example), categorized, organized, shared, and easily retrievable by other team members or internal stakeholders. Document management provides efficiency to the administration of the contract and also provides support to the organization or company after contract closeout in the event of an internal or external audit, claim or litigation. However, a document management system may not secure observance of compliance obligations related to record retention that are imposed by law, regulation, industry standard, or internal policy. Record management is mainly composed by completed documents, fully executed contracts and certain supporting documents as per the record retention policy implemented by the company as required by law, regulation, or industry standard. Record management is strictly related to archiving documents and contracts, and their subsequent disposal as per the respective record retention schedule. This record retention schedule or policy includes classification, storage, security, custodian, preservation (including certain original documents), retention period, and deletion or destruction criteria. Record management shall be the result of a well-defined policy and procedure implemented by a company, particularly by those operating in regulated environments. Government agencies, industry regulators, auditors, lenders, partners, vendors, and even the judiciary system, may request a company to disclose its record management policy or to warrant their existence and applicability. So, as many may realize, there are important differences between both document and record management systems, but the reality is that document management is an integral element of the record management system. Companies should avoid having conflicting document and record management systems, and on the contrary, companies should secure that they harmonically interact by being fully compatible. The market offers many software solutions for both management systems, and many offers management systems that include both. Document and record management must be strictly observed, applied, and enforced by contract managers. These management functions are fundamentally important not only to comply with the law, regulations, and applicable industry standards, but they are also fundamental to properly support the contract functions within an organization. It helps to keep record of the reasons behind, and the studies and analysis performed to back-up the acquisition needs, and those decisions made through the negotiation process that drove to the execution version of the contract. Proper document and record management support the company in the event of an internal or external audit, eDiscovery, claims by third party or even litigation. Therefore, contract managers play probably the most important role in securing proper administration and application of these two management functions. Contract managers must innovate and proactively apply document and record management standards in their companies where these management functions are inexistence, poorly developed, or simply not properly followed.


Contract Automation and CMS Implementation - how to avoid the pitfalls and what to consider when selecting a vendor

Hello. I am wondering if any members have read the 'Automation: Essential Insights for Contract Management' Report and if so, does it address what to consider or pitfalls? My company is looking to implement a new CMS solution and will need to have current hard copies scanned into OCR format. Several people we have talked to have used software to get ocr and metadata and others have used companies; we are not sure what route to take. Also, what do we need to think about when ascertaining whether to have a third party technology implementation partner and a third party business implementation partner...we only have one chance to get set up correct. Thanks


Password protection for Statement of Work (SOW) on client's templates

Hi, What are your thoughts about enabling password protection with tracked changes turned on for SOWs on client's paper? I usually just keep tracked changes on for version control without any password protection if it's a client-provided template.


General Data Protection Regulation

I'm interested in how SMEs subject to the EU GDPR are dealing with its implementation in their B2B processes. I'm working with one SME EU-based software manufacturer who is still figuring out what data is collected about whom. Although they do collect data about their customers and their customers' end users, they don't perform any analysis on or profiling using the data. I think their implementation of the regulation will be some tightening of security around how the data is collected and held, along with an internal policy. How have you been progressing towards compliance?

Network Members
Showing subscriptions over the past three days. View all Network members

No new subscribers to this Network