The ISAlliance introductory guide to information security commercial contracts is part of the ISAlliance Model Contracts Project.
The Problem:
Nearly every business today depends on sharing electronic information
within a network of service partners. Businesses are struggling to
effectively integrate information security management into commercial
service agreements involving data processing and online services.
Divergent regulatory silos are developing
conflicting expectations regarding contract-based information security.
Contracts are being overwhelmed by poorly drafted and inconsistent controls that create
a climate in which further government management of private commercial agreements
is escalating.
The Solution:
Contracting for Information Security in Commercial Transactions: An
Introductory Guide addresses information security issues for businesses
by providing a resource for contract-based, market-driven improvements
in information security that will:
Substantially reduce transaction costs by
providing uniform clauses structured around recognized information
security building blocks, which can be employed by members and the
general commercial marketplace;
Lower legal fees associated with the educational
costs of becoming familiar with the function and purpose of information
security in service agreements;
Improve consistency in the administration of related
commercial relationships, which reduces the chance of incidents arising
from the risks of administering multiple, inconsistent requirements; and
Provide an explanatory index of the business topics of information security, a glossary of model contract definitions and detailed contract clauses (including provisions addressing privacy management).
The Internet Security Alliance believes that this Guide may help
reduce the number of security incidents by assisting companies in
refining their security practices, particularly in data sharing
relationships such as outsourcing, data services, and transaction
processing.