5 Contract Management Security Questions you Should Be Asking

Topics: Security, Contract Management

At SpringCM, we work with all types of customers. In the sales process, we like to take a consultative approach, helping to guide prospects through their decision.

contract-management-securityIn almost all conversations, security comes up at some point. Most commonly, “Are my contracts secure in the cloud?” If you’re evaluating a contract management solution — specifically one that’s in the cloud — it’s likely that you have contract management security questions.

Here are 5 security questions you should ask the contract management vendor you’re evaluating:

1. What types of security audits do you pass?

The vendor you’re evaluating should routinely participate in security audits, vulnerability scans, penetration scans and other assessments by customers and partners.


2. What type of security is in place at your Data Centers?

Physical, as well as infrastructure security should be in place.

3. How does security extend to mobile devices?

At the very least, the vendor you select should have standard security features, such as PIN-protection and encryption of content on smartphones and tablets.

4. What methodologies and technologies support disaster recovery?

Your data should be routinely backed up, with plans for any disaster or contingency. Security methods should include:

  • All data is stored as multiple replicas across multiple geographies
  • Redundant hardware stack
  • Full data-at-rest encryption
  • Recovery time objective is designed to meet a 24 hour maximum.
  • Off-site data center equipment located in a "standby" facility
  • Data is replicated in near real-time in a disk to disk model.

5. How do you set up security from the user level?

You should have the ability to set security and permission around folders, as well as down to the document level. That way, users will only see documents or folders that they are permitted to see.

It’s no doubt that security is a big deal as you evaluate contract management solutions. Finding a vendor that takes security just as seriously as you is a non-negotiable in the process.

6 CLM Best Practices

Subscribe to Our Blog