These days, data protection (UK) or data privacy (US) is so important it even has its own day. January 28th, I’ve only just found out about it or you’d have been reading this blog last week but I’m not surprised. In any kind of business conversation privacy and security, at a deeper level, are of paramount concern for enterprises. And if they’re not they should be.
One of the issues that concern people most is the Cloud. Understandably. You need to know that your data is safe. Especially if you’re using a data centre owned by someone else. Whether your contract management system is cloud-based or hosted on your own premises, your security considerations should be the same.
By asking either your supplier or your own technical staff the right kind of questions you can reassure yourself that your choice of contract management software is the right one, in the right place. Don’t be afraid to ask fundamental questions. In this age of the data breach, you’re better safe than sorry.
Four things to ask about contract management software security
1. What’s the authentication process?
On a web application, users don’t have to be administrators. User access rights can be granted at multiple levels and this is key to the right security protocol. Considered confidentiality ensures that only authorised users see stored and transmitted information. Ask your supplier or your staff how they determine the different levels of access.
2. What’s the process to protect user accounts and passwords?
There should be an agreed timeframe for updates to default user accounts and passwords. All users should be clear about the password length, complexity and expiry. And after an installation, an upgrade or a fix, default user accounts and passwords should be updated.
3. What comprises the security audit, and how often does it take place?
For example, does it include vulnerability and penetration scans? Do customers and other partners have the opportunity to assess the on-going security arrangements? And do mobile devices have standard security features such as content encryption and pin protection?
4. What’s the disaster recovery process?
Contingency plans for disaster recovery are critical. And everyone should be aware of them. What’s the recovery time? Is the data stored as multiple replicas? Do you have full data-at-rest encryption?
One last thing – don’t forget about physical security
To maintain a safe implementation environment all your hardware should be physically secure. Only authorised administrators for the servers hosting contract management software should be admitted.
We can help you out – Contract Insight contract management software from Four Business Solutions
At Four, we use Contract Insight.
• It’s a state-of-the-art contract management software tool that’s easy to use, simple to install and reduces your total cost of contracts.
• It’s a web-based contract management software solution, with systems hosted on Microsoft Internet Technologies, using Windows Servers, .NET technologies and Microsoft’s MS SQL Server Database to store and retrieve data faster and more reliably.
• Security features include dedicated firewalls, monitored ports, monitored logs, backups, failover facilities, private web, private databases and server scans; all with username and password authentication.
• Contract Insight can be either installed on your company’s servers or hosted as a Cloud-based SaaS solution. On-site help is available from our team, or you can allow Four Business Solutions to manage the solution via our cloud deployment. Either way, the result is an extremely high level of security, suitable for most organisations.
• Our cloud solution fully complies with ISO 27001 certification (Information Security Management Standard), and we keep our standards fully up to date.
I’m the CEO at Four Business Solutions, global business consultants and software integrators providing business processes improvements in Finance, Supply Chain & Operations, across a broad range of industries. If you’d like a free trial to understand how Contract Insight can boost your cyber security, please call me on 0800 6250 025.