A contract may be a formal agreement with a supplier, business partner, customer, etc. with whom data is shared or disclosed. A contract entry may also register the existence of any agreement signed with a third party, such as a service agreement, data processor agreement, partnership agreement or system hosting agreement.
Where can I manage contracts and third parties?
Under Main menu > Contract management
The name of the contract is the formal name of the agreement (e.g. ‘Hosting agreement with Microsoft’).
Add a contract reference which is the reference number of the contract.
Assign a responsible or accountable to the contract. The responsible(s) can be one or more people who in some way or another are responsible for the contract management processes. It is possible to add more owners. Alternatively, several owners can be selected, one of which is marked with a star indicating the final accountable. This way, several users can be owners, while only one has overall responsibility.
Groups and categories
Relate the contract to a specific third party that is already on your central list of third parties (legal entities) that your organization shares information with. As an Admin you can click ‘Create new’ to add a new third party to the list.
Add a category to the contract from the existing drop-down menu, or create a new category. You can create a new category yourself by typing directly in the field. Going forward, the option can be selected in the drop-down menu. E.g. a category could be ‘Hosting partner’ or ‘Customer’.
Here it is possible to create tags that allow the contract to be searched using an alternative keyword – e.g. if the business has an alternative name for the contract or if you want to tag the contract as a “third country transfer”.
Here you can activate or deactivate a number of specific features on your contract module.
- Contract measures: Click yes, if you would like to be able to add contract measures to this module. This means that you can map out a list of measures that this contract should be measured by, such as security requirements that are set out in the contract (implementation of physical security, access management, encryption or specific controls from ISO standards). It could also be specific legal requirements from e.g. competition laws that you want to keep track of per contract. Another example could be to document specific supplementary measures in order to implement and report on Schrems II. A final example could be to document the amount size of each contract, so that contract management is able to filter on small and large amount contracts. The Admin can create any measure needed.
- Data privacy: Click yes, if you would like to be able to map out data privacy questions such as data processor agreements, locations, legal basis etc.
- Risk management features: Click yes, if you would like to be able to assess business or privacy risks to the contract.
- Relations: Click yes, if you want to be able to see lists of all the activities, systems and data that the contract is related to.
- Validations: Click yes, if you want to be able to validate each contract, to indicate if the current state of the contract should be ‘Accepted’ or ‘Rejected’.
Upload or link to any documents related to this contract, e.g. the actual agreement. Give the contract a formal name and add a category, e.g. main agreement, DPA, appendix (you can add a new category by writing something in the field). Remember to indicate if the contract is signed or pending.
Add a contact person for the contract, including category (e.g. internal service requester, sales rep.), e-mail address or phone number. (You need the Advanced contract module for this feature.)
Create or add contract measures on the sheet, Measures
Fill out relevant information related to privacy under the sheet, Privacy
Sub Data processors
Add and fill out risk scenarios under the sheet, Risk Management
See projects and assessments under the sheet, Assessments
Here you can see a list of impact assessment reports and projects where the contract has been included.
See related activities, systems and data categories on the sheet, Relations
Activities on contracts
Business activities where this contract is related/involved according to business responsibles. E.g. a specific hosting agreement is involved in an HR process, according to HR personnel.
Systems on contracts
Systems where this contract is related/involved according to business responsibles. E.g. a specific hosting agreement is related to a specific HR system according to HR personnel.
Data categories that are shared with third parties as a part of a specific agreement. E.g. contact information and salary data are shared with a system provider as a part of a hosting agreement.