This CLE will examine the business, cybersecurity, and legal concerns of supply chain and vendor risk in the wake on the covid-19 pandemic. An organization’s information security activities should begin before it undertakes transactions as vendor or purchaser. Cybersecurity strategy should be informed by laws and regulations – federal, state, local, and international (at national, regional, provincial, and local levels) – to which the organization is subject. From the purchaser’s perspective, vendor selection should also be informed by the purchaser’s specific requirements and expectations regarding the information and information systems relevant to the vendor relationship.

Panelists will discuss procuring organizations, vendors, and their respective counsel to address information security requirements in their transactions. They will frame the issues parties should consider consistent with common principles for managing cybersecurity risk. Parties should also contemplate transactions from due diligence and vendor selection through contracting and vendor management. Cybersecurity provisions are not “one-size-fits-all,” but should instead be informed by parties’ assessment of risk and strategies to mitigate risk.