Common Contracts

Information Security Best Practices: Service Provider Agreements

October 5th, 2014

• Filed
  October 5th, 2014

A business retains a vendor to perform customer-billing services. One of the vendor’s computers is hacked from an IP address in China when a server is inadvertently left without a firewall following an internet outage. The attack compromises customer credit card information, and triggers notifications statutes throughout the country. As between the business and the vendor, how will responsibility for responding to the event handled? The answer may lie in a thoughtfully drafted service provider agreement.