Contracts and Proposals
Build security into your client proposals or contracts.
If you haven't talked about security and formally agreed on it, that probably means it is not being done. We are seeing a general increase in interest in security on both sides of the software supply chain. Many software development shops don't know how to start building security into their client proposals, even as their customers are exploring ways to explicitly require it.
How does it work?
Working with contracts may include any or all of the following:
- Security training to help organizations identify important security risks.
- Training for proposal writers to understand how to include security in proposals.
- Building template language suited to an organization's proposals.
- Proofing proposals and identifying areas of risk.
- Working with a legal team to understand risks.
- Serving as an expert resource during communications with clients or partners.
Who should be interested?
- Consulting organizations wishing to explicitly discuss and manage security risks with their clients.
- Organizations wishing to make responsibility for security clear through their legal agreements with partners.
What does it cost?
Handling security in contracts is a consulting engagement that varies based on the scope and desired activities.