Security matters whether you are building your own IT system, outsourcing application development or buying off the shelf software. This document is not intended to replace dialog with both your CISO and your legal counsel, but rather provides a starting point in terms of the type of contractual language to consider and potentially require be part of a software agreement with your vendor.
This document address the following questions:
- Has your supplier thought about security?
- How has your supplier thought about security?
- Customer - Supplier discussion of security
- Security after delivery of the Software
- Vulnerability Service Level Agreement (SLA)