B2B Security
How to Practice Safe B2B
The Stick
Enforcement is an issue that companies should plan for in advance, with the hope of never having to exercise the stipulated penalties. The best way to enforce security requirements is to establish them in your B2B engagement contract. That provides a specifically delineated recourse should the partner fail to implement sound security measures. According to ISC2's Morrow, the ideal recourse against a lax partner is indemnification--an agreement that if you get sued for damage caused by your partner's breach, the partner will pay you back the amount of the judgment. Of course, that requires proving that your partner was truly responsible.
On a case-by-case basis, Staples will provide in its B2B contracts that the partner will indemnify Staples for damage or legal liability stemming from the partner's security lapses. But Gaffney says such a provision can be tough to secure. "The bigger companies--particularly larger software providers--tend to stick hard to holding back on indemnification," says Gaffney, adding that smaller companies might agree to indemnification in return for more favorable pricing or product distribution.
Another form of recourse is a liquidated damages clause--a contract provision stating that a partner that doesn't live up to its security obligations (resulting in contract cancellation) will pay the other partner a set amount of money.
Finally, if a partner violates the contract by, say, failing the audit, you have the right to terminate it. But think twice about applying these sticks just because your partner has fallen short on an audit or failed to meet a particular requirement, especially if you haven't been harmed as a result. The ultimate objective of your B2B engagement is a productive, profitable relationship. The minute you seek to terminate the contract or collect fines, you've likely destroyed the relationship. You're much better off working with the partner to remedy its lapses, ensuring a safer and more profitable partnership for the future.