Data Processing / Cybersecurity / Data Privacy


We are pleased to have you on board in the Data Processing / Cybersecurity / Data Privacy Group on the IACCM portal, a space for discussion and knowledge sharing around the concepts of data processing, data privacy and cybersecurity in technology contracts.

This group welcomes contract professionals who want to share and/or build up their knowledge around modern IT contracting and will focus on:

We welcome your suggestions and ideas on what we can put on this year’s agenda. Here’s what we have in mind as key points to start with:


Looking forward to hearing from you.


All the best,


Group Owner: Pablo Cilota, IACCM

Network Lead: Daniela Badescu, Oracle


Network Updates

Mastering contract complexity for greater regulatory compliance and risk management - IACCM Americas Conference 2019

All organizations need to address industry or government regulations as well as internal governance and compliance mandates. This can create added complexity to completing transactions, managing risk and keeping down cost. Changes in regulation requirements such as GDPR and SOX create challenges in keeping current language in place at renewal or onset of new business. In this session learn how large organizations operating in a highly regulated environment delivered innovative contract management solutions to reduce contract cycle time, increased speed of audits and aligned functions for better planning and insight into the business.


Keynote address: Responsible Innovation - IACCM Americas Conference 2019

The Business Roundtable lists responsibility to customers, employees, suppliers, and communities above responsibilities to shareholders. This puts every trading relationship in the crosshairs of what could be sweeping changes in business, from lawyers to contract developers and negotiators, contract and commercial managers to procurement. How can they come together to plan and oversee these new responsibilities? How are these new responsibilities part of integrated 'trading relationships'? This and more will be discussed as Steven Tiell, Global Lead for Responsible Innovation at Accenture, shares insights about Responsible Innovation with the IACCM audience.


Joint Ventures

Hi, would anyone be happy to have a discussion with me, or give me some pointers on managing a JV where you are both a customer, supplier and a shareholder? It would be good to understand how other companies navigate this tricky relationship and if there is any IACCM best practice I should adhere to? I have different contract managers who are responsible for the customer and supplier side to eliminate any conflict of interest, but the whole governance is so much more complex than a straight commercial arrangement. Therefore, if anyone has any experience or observations they would be happy to share, I would really appreciate your help.

Kind regards,
Jan


Webinar - Building the Foundation for Professional and Organizational Success

I like the idea of asking new employees what their learning style is during the onboarding training period. I too am a visual learner, so seeing and doing the work first-hand during training helps me to learn better and faster. Good idea as it helps promote inclusion and diversity and increase employee morale, as not everyone's learning style is the same, and should make the employee comfortable in a new environment.


10 Pitfalls to Avoid in Contracting

I note that the post is from November 2015. Would you say that the statistics for these 10 have remained the same in 2019? Is it possible to get more information about the survey that was conducted, where did the input come from? For example, what is the 9.2% financial benefit / Erosion based on?



For an Agreement between Parties of different origin, the argument starts on the jurisdiction and governing law for the Agreement. While both Parties are interested in proposing the law of their respective country to be made applicable to the Agreement, I want to know whether there is any list of prioritised or ranked jurisdictions / governing laws, like the World Bank gives each country a ranking for "ease in doing business" and almost 190 countries are listed. For example, I propose Indian law and the other Party would prefer the laws of Singapore to be the governing law. Can parties choose England and Wales as neutral, or any other preferred law?


CLM experiences

My company is looking into a new CLM solution, and I'd love to hear from other companies what experiences they faced in the RFP/RFI phase or selecting a CLM vendor, implementation experiences, and post-deployment user experiences. What went well and what didn't go well? Which specific areas did the CLM not meet your or your stakeholders' expectations?


Ask The Expert: The Rise of The Contract Designer - Contract Simplification and Design Explained

I like the preventive attitude to make the contract process simple for both parties. Good continuous improvement design ideas to inspire us all to start looking at how we manage our own contracts.


Document and Record Management: An Interesting Challenge to Contract Managers.

Greetings fellow members. I posted the below essay about Document and Record Management in the NCMA Forum, of which I am also a member as CPCM and CCCM. My initial thought is to share my opinion on the subject matter in these two forums, and then compile everybody's contributions in a revised version to be later shared among all of us. I hope the content is of interest to you and adds value to your roles. Best regards...

________

Document and Record Management: An Interesting Challenge to Contract Managers

By Arnaldo Arcay, LL.M., CPCM, CCCM, and CCMAP

https://www.linkedin.com/pulse/document-record-management-interesting-challenge-contract-arcay

If there is something positive to extract from the corporate scandals that occurred during the first decade of 2000, it is that today we have robust pillars (although not perfect ones) that support the corporate world in which business transactions are performed. The constantly evolving audit and compliance regulations and industry standards are designed to avoid corporate collapses driven by fraud, corruption, and malpractice. What Contract Management is today has been driven by such need to regulate and make more transparent, efficient, and sustainable business transactions, resulting not only in protecting the interests of shareholders and stakeholders, but probably more importantly in protecting the interests of employees and their families. Therefore, contract managers play a fundamental role in today's corporate and government contracting behaviors, and this is the main reason why the profession is growing and becoming more competitive every year.

Among the many functions and responsibilities contract managers have, there is one that is of sum importance and it is considered a challenge to many of us. Document and record management policies and procedures represent a challenge to contract managers, and one particular reason derives from the fact that document and record management within a company is usually controlled by many functions with direct influence in its performance: IT, compliance, audit, and legal. Well defined and practiced document and record management policies and procedures can make the difference in being considered a transparent company or not; in protecting the company from adverse results during external audits or scrutiny, litigation, or regulatory procedures.

Every contract manager must be fully aware of the importance of performing best practices in regards to document management and record management, regardless of whether the product or service being provided or the company's activities are regulated or not. In the event a company has not well defined document and/or record management systems or procedures, a well prepared contract manager should always implement, at least, the minimum standard for both practices in order to protect the company and its shareholders, stockholders, management, and last, but not least important, its employees. Even if the contract manager is sure that the company, product or service do not fall under a regulated regime (always consult with legal), one never knows when it may enter in the spectrum of a regulated activity or may be part in the future of a major litigation or external audit (a governmental agency having interest in the company, contract, product, or service).

Within our contract management world, there is nothing more regulated than contracting with the Government (let's not forget about the commercial nuclear industry and the financial arena). Therefore, extra care shall be implemented by contract managers in observing FAR's provisions in regards to Contractor Record Retention policies and procedures (FAR Subpart 4.7). Yet, contract managers dealing with government contracts must even pay extra attention to the terms of the contract dealing with additional record retention obligations, particularly those dealing with retention periods which may be found in different Subparts of the FAR, or they have been amended or updated by competent Government Agencies or imposed by other applicable laws. Even more complicated could be calculating retention periods, especially during contract performance within multiple fiscal years. So contract managers must apply maximum care and diligence while dealing with government contracts.

As part of the ugly truth, some companies and their management are mainly focused in how to be more efficient and productive. They may care more about how to be able to quickly have access to a document and abstracting its content (document management), and forget or pay less attention to the importance of keeping records properly (records management).

Understanding the difference between document management and record management is central, but even more important is to understand how both management practices should complement each other. In other words, if your company, product or service is non-regulated, you may want to have a document management system that incorporates certain record management practices. However, if your company, products or services operate in a regulated regime (particularly if your company deals with the Government), your document management system should be incorporated into your record management system (or at least be compatible or be able to interact); but your company must have record management policies and procedures.

The differences between documents and records are very simple, but many of us mix them up. Documents ('written, printed, or electronic matter that provides information or evidence'. Documents include physical and electronic data that support the existence of a contract or transaction) represent, express and support your company's daily business operations. Documents continuously evolve; they may change during a particular period. Since the moment a need is identified and the solicitation phase has started, until the contract's close-out phase, the documentation of this particular transaction or contract has been constantly evolving. In contrast, records ('evidence about the past, especially an account of an act or occurrence kept in writing or some other permanent form') do not evolve, they are final and simply represent unaltered recordings of a transaction or contract. They represent or provide evidence of company's activities, commitments, decisions, and other management activities.

Once we have understood the difference between documents and records, document management can be considered a systematic process to administer documents which enables them to be properly created (keeping all the different versions during the negotiation process, for example), categorized, organized, shared, and easily retrievable by other team members or internal stakeholders. Document management provides efficiency to the administration of the contract and also provides support to the organization or company after contract closeout in the event of an internal or external audit, claim or litigation. However, a document management system may not secure observance of compliance obligations related to record retention that are imposed by law, regulation, industry standard, or internal policy.

Record management is mainly composed by completed documents, fully executed contracts and certain supporting documents as per the record retention policy implemented by the company as required by law, regulation, or industry standard. Record management is strictly related to archiving documents and contracts, and their subsequent disposal as per the respective record retention schedule. This record retention schedule or policy includes classification, storage, security, custodian, preservation (including certain original documents), retention period, and deletion or destruction criteria. Record management shall be the result of a well-defined policy and procedure implemented by a company, particularly by those operating in regulated environments. Government agencies, industry regulators, auditors, lenders, partners, vendors, and even the judiciary system, may request a company to disclose its record management policy or to warrant their existence and applicability.

So, as many may realize, there are important differences between both document and record management systems, but the reality is that document management is an integral element of the record management system. Companies should avoid having conflicting document and record management systems, and on the contrary, companies should secure that they harmonically interact by being fully compatible. The market offers many software solutions for both management systems, and many offer management systems that include both.

Document and record management must be strictly observed, applied, and enforced by contract managers. These management functions are fundamentally important not only to comply with the law, regulations, and applicable industry standards, but they are also fundamental to properly support the contract functions within an organization. It helps to keep record of the reasons behind, and the studies and analysis performed to back-up the acquisition needs, and those decisions made through the negotiation process that drove to the execution version of the contract. Proper document and record management support the company in the event of an internal or external audit, eDiscovery, claims by third party or even litigation.

Therefore, contract managers play probably the most important role in securing proper administration and application of these two management functions. Contract managers must innovate and proactively apply document and record management standards in their companies where these management functions are nonexistent, poorly developed, or simply not properly followed.


Contract Automation and CMS Implementation - how to avoid the pitfalls and what to consider when selecting a vendor

Hello. I am wondering if any members have read the 'Automation: Essential Insights for Contract Management' Report and if so, does it address what to consider or pitfalls? My company is looking to implement a new CMS solution and will need to have current hard copies scanned into OCR format. Several people we have talked to have used software to get OCR and metadata and others have used companies; we are not sure what route to take. Also, what do we need to think about when ascertaining whether to have a third party technology implementation partner and a third party business implementation partner... we only have one chance to get set up correctly. Thanks


Password protection for Statement of Work (SOW) on client's templates

Hi, What are your thoughts about enabling password protection with tracked changes turned on for SOWs on client's paper? I usually just keep tracked changes on for version control without any password protection if it's a client-provided template.


General Data Protection Regulation

I'm interested in how SMEs subject to the EU GDPR are dealing with its implementation in their B2B processes. I'm working with one SME EU-based software manufacturer who is still figuring out what data is collected about whom. Although they do collect data about their customers and their customers' end users, they don't perform any analysis on or profiling using the data. I think their implementation of the regulation will be some tightening of security around how the data is collected and held, along with an internal policy. How have you been progressing towards compliance?
