Information security in supplier relationships

The IT contract is no longer just a commercial contract. 

Today, its primary purpose is to support the IT department's KPIs on availability, which should be as close to 100% as possible.

Therefore, it is important that you are aware of the requirements that comprehensive cybersecurity regulation, such as the NIS 2 implementation legislation and DORA, imposes on the terms of an IT contract.

The increased cyber threat and increased regulatory pressure have given the IT contract a key role in the organization's ability to manage risks associated with outsourcing IT.  

The organization must fundamentally be able to implement the same initiatives and actions as if the IT function were located in-house. 

Through the IT contract, the organization must set relevant terms for the IT supplier that reflect the legal requirements to which the organization is subject.  

In practice, this will often happen by the organization first translating the legal requirements into its own internal policies, and then into contract terms.

More generally, the IT contract is another tool that management uses to realize the objectives set out in management's cybersecurity strategy.

What do you do in practice?

  • The organization first identifies the legal regulations to which it is subject.
  • As stated above, these could be, for example, the NIS 2 implementation legislation or DORA, which contain requirements for contractual arrangements regarding the outsourcing of IT.
  • The relevant requirements that the law imposes on the outsourcing contract are then identified.
  • The requirements are then translated into specific contract terms that support fulfillment of each requirement. To ensure that the terms actually meet the requirements, other sources can be drawn on when preparing the terms, such as material from the Danish Digital Agency.


Examples of requirements that should be made into terms:

Need help?

At Unitas, we help organizations with the above exercise. We are ready to help you too.

Jacob Spliid – Legal Compliance Specialist & DPO – 30 11 65 08

Contact Unitas – your partner in security and compliance

Unitas provides reliable advice in compliance, IT and information security. With a pragmatic approach, we help companies in regulated industries manage security and operational responsibility effectively. Contact us to discuss how we can help you.
