Data Processing / Cybersecurity / Data Privacy

IACCM Council Representatives
Network Leads

Data Processing / Cybersecurity / Data Privacy

We are pleased to have you on board of the Data Processing / Cybersecurity / Data Privacy Group on the IACCM portal, a space for discussion and knowledge sharing around the concepts of data processing, data privacy and cybersecurity in technology contracts.

This group welcomes contract professionals that want to share and/or build up their knowledge around the modern IT contracting and will focus on:

We welcome your suggestions and ideas on what we can put on this year’s agenda. Here’s what we have in mind as key points to start with:


Looking forward to hearing from you.


All the best,


Group Owner                                                      Network Lead

Pablo Cilota,                                              Daniela Badescu,

IACCM                                                        Oracle


Network Updates

End of Life hardware costs

Recently, when reviewing the costs built up in a Service & Support contract noticed we had accounted for an "excessive" amount of hardware upgrades. I thought we had overestimated these costs, but we are talking about a 5 year contract and I can see now the rapid evolution of the technology and regulatory pressures to change existing hardware that reached the End of Life. I can see now we had properly estimated those costs.


The end of Procurement

Hello Tim I found your article very interesting. I agree that procurement struggled for years to prove its real value, and it is still struggling. Firstly. Until the procurement staff performance is measured on monetary savings mainly and their work considered purely administration, it will be difficult to make any changes. The demand need to come from senior commercial leaders. The targets set for procurement staff are quick turnaround time and monetary savings. There is very little time to build relationship! Question. If the new technologies will make procurement quicker, with less or without people, would the relationship element be pushed back even more? No need to lift the phone anymore or meet in person! While I can hear that you would have more time to interact with suppliers. That is not, what I can see, but increasing volume of work, as you can do procurement quicker. In my view, the senior commercial leaders need to understand the benefit of relationships in business, set the direction and support the staff to achieve it. Support means not only sending a person on course but show it how it is done. Really seen nowadays! Secondly. I am always interested in self-development. What do you think what skills should we should concentrate on?


Contract Forgery and other Fraud (Sell-side POV) - What preventive controls do you have in place and does your organization allow sellers to send contracts to customers directly for signature/review

Hello Folks: We have a number of processes in place to present various types of contract fraud for example customer forgery or side letters which we do not tolerate. However, on occasion we do face issues. Its not a major problem, however, we are looking to reduce the risk as much as possible. I have two questions. 1. How have others in the community mitigated this risk with process, technology and people, etc. 2. Does your organization allow sellers to send contracts to customers directly for signature or review (e.g, email, e-signature, etc.) of this entire process handled by a contracts or legal team only? Thanks in advance for your feedback.


Icertis Webinar - Contracting as a Global Team Sport: Making the Business Case Across the Enterprise

Join experts from IACCM and Icertis to understand how to build a coalition across disparate divisions and stakeholders. We'll share examples of how you can create a team of champions to reimagine your current contracting processes and execute on this vision across the enterprise.


A Guide to Public Wifi Security Risks & How to Use it Safely

Our connection to the internet has had a huge impact on how we operate as a global society. It's drawn the world closer together, and made it easier than ever to research, absorb and relay information at the click of a button.


Malbek Webinar - Reimagining Contract Data at the Heart of the Enterprise

Many organizations struggle with limited or outdated contracting solutions while trying to keep up with an ever-changing business environment. TIBCO Software, a global provider of data solutions, needed a change that could evolve with their growing and demanding business. They understood that contract data sits at the heart of the enterprise and a CLM tool needs to be a central platform that integrates well with other solutions throughout the company. Their goal was to bring contract data to life, to be able to analyze risk, identify favorable terms, and expedite contracting cycles. Even with employees working from home and spread across the globe, TIBCO was able to effectively and remotely deploy a new solution in record time.


Moving Forward - key resources to survive and thrive - IACCM Member update June 2020

To help IACCM members move forward, this webinar explores resources and information recently released. Topics include: Need to know 1. VIBE Summit 2. Staying on TASK in the New Normal 3. Coaching for the New Normal 4. IACCM Council Elections - Vote Now 5. COVID-19 Support. Member-only offer ends 30 June 6. Managing Contracts Virtually - offer ends 26 June Research 7. Most Negotiated Terms 2020 Resources 8. Contracting Excellence Ideas and Issues 9. Adaptive Automation and Talent: Is There a Link? Events 10. TASK Webinars 11. Virtual Member Meetings 12. Ask the Expert and other Webinars 13. Body Language in Live and Online Negotiations BONUS 14. Think Global - Act Local


Voting for the IACCM Council is now OPEN!

Take this opportunity to influence the future of IACCM and play your part in the mission to achieve world-class standards in contracting and relationship management processes and skills. The IACCM Global Council will be formed of approximately 150 IACCM Members each representing either a specific country, region or IACCM community network. Vote NOW for your preferred candidates and influence the ambassadors in this body of professionals.


Document and Record Management: An Interesting Challenge to Contract Managers.

Greetings fellow members. I posted the below essay about Document and Record Management in the NCMA Forum, to which I am also a member as CPCM and CCCM. My initial thought is to share my opinion on the subject matter in this two forums, and then compile everybody's contributions in a revised version to be later shared among all of us. I hope the content is of your interest and add value to your roles. Best regards... ________ Document and Record Management: An Interesting Challenge to Contract Managers By Arnaldo Arcay, LL.M., CPCM, CCCM, and CCMAP https://www.linkedin.com/pulse/document-record-management-interesting-challenge-contract-arcay If there is something positive to extract from the corporate scandals that occurred during the first decade of 2000, is that today we have robust pillars (although no perfect ones) that support the corporate world in which business transactions are performed. The constant evolving audit and compliance regulations and industry standards are designed to avoid corporate collapses driven by fraud, corruption, and malpractice. What Contract Management is today has been driven by such need to regulate and make more transparent, efficient, and sustainable business transactions, resulting not only in protecting the interests of shareholders and stakeholders, but probably more importantly in protecting the interests of employees and their families. Therefore, contract managers play a fundamental role in today's corporate and government contracting behaviors, and this is the main reason why the profession is growing and becoming more competitive every year. Among the many functions and responsibilities contract managers have, there is one that is of sum importance and it is considered a challenge to many of us. Document and record management policies and procedures represent a challenge to contract managers, and one particular reason derives from the fact that document and record management within a company is usually controlled by many functions with direct influence in its performance: IT, compliance, audit, and legal. Well defined and practiced document and record management policies and procedures can make the difference in being considered a transparent company or not; in protecting the company from adverse results during external audits or scrutiny, litigation, or regulatory procedures. Every contract manager must be fully aware of the importance of performing best practices in regards to document management and record management, despite the fact that whether the product or service being provided or the company's activities are regulated or not. In the event a company has not well defined document and/or record management systems or procedures, a well prepared contract manager should always implement, at least, the minimum standard for both practices in order to protect the company and its shareholders, stockholders, management, and last, but not least important, its employees. Even if the contract manager is sure that the company, product or service do not fall under a regulated regime (always consult with legal), one never knows when it may enter in the spectrum of a regulated activity or may be part in the future of a major litigation or external audit (a governmental agency having interest in the company, contract, product, or service). Within our contract management world, there is nothing more regulated than contracting with the Government (let's not forget about the commercial nuclear industry and the financial arena). Therefore, extra care shall be implemented by contract managers in observing FAR's provisions in regards to Contractor Record Retention policies and procedures (FAR Subpart 4.7). Yet, contract managers dealing with government contracts must even pay extra attention to the terms of the contract dealing with additional record retention obligations, particularly those dealing with retention periods which may be found in different Subparts of the FAR, or they have been amended or updated by competent Government Agencies or imposed by other applicable laws. Even more complicated could be calculating retention periods, especially during contract performance within multiple fiscal years. So contract managers must apply maximum care and diligence while dealing with government contracts. As part of the ugly truth, some companies and their management are mainly focused in how to be more efficient and productive. They may care more about how to be able to quickly have access to a document and abstracting its content (document management), and forget or pay less attention to the importance of keeping records properly (records management). Understanding the difference between document management and record management is central, but even more important is to understand how both management practices should complement each other. In other words, if your company, product or service is non-regulated, you may want to have a document management system that incorporates certain record management practices. However, if your company, products or services operate in a regulated regime (particularly if your company deals with the Government), your document management system should be incorporated into your record management system (or at least be compatible or be able to interact); but your company must have record management policies and procedures. The differences between documents and records are very simple, but many of us mix them up. Documents ('written, printed, or electronic matter that provides information or evidence'. Documents include physical and electronic data that support the existence of a contract or transaction) represent, express and support your company's daily business operations. Documents continuously evolve; they may change during a particular period. Since the moment a need is identified and the solicitation phase has started, until the contract's close-out phase, the documentation of this particular transaction or contract has been constantly evolving. In contrast, records ('evidence about the past, especially an account of an act or occurrence kept in writing or some other permanent form') do not evolve, they are final and simply represent unaltered recordings of a transaction or contract. They represent or provide evidence of company's activities, commitments, decisions, and other management activities. Once we have understood the difference between documents and records, document management can be considered a systematic process to administer documents which enables them to be properly created (keeping all the different versions during the negotiation process, for example), categorized, organized, shared, and easily retrievable by other team members or internal stakeholders. Document management provides efficiency to the administration of the contract and also provides support to the organization or company after contract closeout in the event of an internal or external audit, claim or litigation. However, a document management system may not secure observance of compliance obligations related to record retention that are imposed by law, regulation, industry standard, or internal policy. Record management is mainly composed by completed documents, fully executed contracts and certain supporting documents as per the record retention policy implemented by the company as required by law, regulation, or industry standard. Record management is strictly related to archiving documents and contracts, and their subsequent disposal as per the respective record retention schedule. This record retention schedule or policy includes classification, storage, security, custodian, preservation (including certain original documents), retention period, and deletion or destruction criteria. Record management shall be the result of a well-defined policy and procedure implemented by a company, particularly by those operating in regulated environments. Government agencies, industry regulators, auditors, lenders, partners, vendors, and even the judiciary system, may request a company to disclose its record management policy or to warrant their existence and applicability. So, as many may realize, there are important differences between both document and record management systems, but the reality is that document management is an integral element of the record management system. Companies should avoid having conflicting document and record management systems, and on the contrary, companies should secure that they harmonically interact by being fully compatible. The market offers many software solutions for both management systems, and many offers management systems that include both. Document and record management must be strictly observed, applied, and enforced by contract managers. These management functions are fundamentally important not only to comply with the law, regulations, and applicable industry standards, but they are also fundamental to properly support the contract functions within an organization. It helps to keep record of the reasons behind, and the studies and analysis performed to back-up the acquisition needs, and those decisions made through the negotiation process that drove to the execution version of the contract. Proper document and record management support the company in the event of an internal or external audit, eDiscovery, claims by third party or even litigation. Therefore, contract managers play probably the most important role in securing proper administration and application of these two management functions. Contract managers must innovate and proactively apply document and record management standards in their companies where these management functions are inexistence, poorly developed, or simply not properly followed.


Contract Automation and CMS Implementation - how to avoid the pitfalls and what to consider when selecting a vendor

Hello. I am wondering if any members have read the 'Automation: Essential Insights for Contract Management' Report and if so, does it address what to consider or pitfalls? My company is looking to implement a new CMS solution and will need to have current hard copies scanned into OCR format. Several people we have talked to have used software to get ocr and metadata and others have used companies; we are not sure what route to take. Also, what do we need to think about when ascertaining whether to have a third party technology implementation partner and a third party business implementation partner...we only have one chance to get set up correct. Thanks


Password protection for Statement of Work (SOW) on client's templates

Hi, What are your thoughts about enabling password protection with tracked changes turned on for SOWs on client's paper? I usually just keep tracked changes on for version control without any password protection if it's a client-provided template.


General Data Protection Regulation

I'm interested in how SMEs subject to the EU GDPR are dealing with its implementation in their B2B processes. I'm working with one SME EU-based software manufacturer who is still figuring out what data is collected about whom. Although they do collect data about their customers and their customers' end users, they don't perform any analysis on or profiling using the data. I think their implementation of the regulation will be some tightening of security around how the data is collected and held, along with an internal policy. How have you been progressing towards compliance?

Network Members
Showing subscriptions over the past three days. View all Network members

No new subscribers to this Network