TIRA 2015: Tech Industry Risk Assessment
Part 2: Seven Areas to Focus on for Better Security and Risk Management

3. Contracts

Get out the good-news trumpets, everyone: a healthy 87 percent of insureon applicants are using contracts, up from 83 percent last year! Of course, you could also get out the wah-wah horn, because that means a still-fairly-significant 13 percent are not using contracts. And when you dig down into what's actually included in those contracts, there's room for improvement:

  • 12 percent of customers aren't including descriptions of their services.
  • 13 percent don't include language holding them harmless for acts of the third party.
  • 34 percent don't have a limitation of liability clause.

We get that a lot of you are flying solo, but here's a word to the wise: running a business without detailed contracts is a bad idea. Mitzi Hill, a data security attorney with the law firm Taylor English, spoke to us about documenting business relationships. At the end of the conversation, she offered this two-pronged bit of wisdom: "Plan, plan, plan; have form agreements in place." Pretty straightforward.

Icon - Contracts Help


She also offered some words of warning: "I see a lot of really short agreements that don't talk about allocation of risk or security standards being employed," she said. Yikes, right? This is one reason it's so important to work with a legal professional when drafting contracts for your business: to be truly effective, contracts need to delineate more than the basics of employment terms.

In a worst-case scenario, contracts act as the road map for a judge to decide which party is liable for expenses or damages. This may not seem that important for most clients, but what happens when you're working with someone in an industry with special data security standards? As Robert Covington points out, "various compliance standards, including PCI DSS and HIPAA, require an organization to assume responsibility for all regulated activities, regardless of whether they are conducted by an employee or a third party." In other words: your clients may have strict industry standards and use their contract with you to share some of their liability.

Covington also notes that larger clients may require that you have certain agreements with any subcontractors, including an NDA or encryption mandate.

While it's true that hiring a lawyer to draft and revise contracts for your business can be expensive (and you really should have a lawyer review any contract you use for business), it's even more expensive to find yourself on the losing end of a lawsuit because you have no written agreement in place. The good news: it's easy and inexpensive to find contract templates online (for example, from Entrepreneur New browser window icon. or from Rocket Lawyer New browser window icon.). Paying a lawyer to tweak these for your business is typically much cheaper than paying to have them built from scratch.

To-do item: Draft contracts for all business relationships, including clients, subcontractors, and employees

Risks managed: Potential lawsuit expenses minimized

Further reading: Get It in Writing: The IT Professional's Guide to Contracts.

Next: 4. Subcontractor Agreements

Grab-n-Go Information

IT Contracts eBook
Get It in Writing: The IT Professional's Guide to Essential Contracts
Browse eBook
Sample certificates
See a sample Certificate of Liability Insurance, the proof of coverage you need for most contracts.
View Sample
Sample Quotes & Cost Estimates
See what insurance really costs: actual quotes by policy & specialty.
Get Estimates
Ask A Question
Submit your questions about construction insurance and get answers from our experts.
Read Answers