Helping Keep Your Contracts Secure

Posted: October 16, 2015 by Thom Davidson

"This article provides some suggestions for helping assure your contract management system and access stays secure.  Data center and infrastructure recommendations will be addressed in a future blog post."

Thom Davidson

Contract Management Security

 Encryption: Look for encryption of your documents both at rest and in transit. This should also be true of remote backups. Most vendors use 256-bit AES (Federal Government certified for top secret documents).

 Role-based Access Controls: Generally speaking, a role can be given a series of permissions such as add contract, change contract, etc. A group can have one or more roles. A user can be a member of one or more groups. A user therefore gains permissions through the groups of which they are a member. Roles can be created and managed by grouping together the access privileges and administrative capabilities that meet the access needs of users in a group. Often, roles are based on job responsibilities. When a contract manager, for example, signs on as a new user, the person is assigned the appropriate role, which automatically allows access to all of the designated services needed to perform the job. It is an easy, efficient way to set access privileges for users. It also provides an efficient mechanism for altering access privileges for common groups of users in the future.
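
The user, group, role and permission chain described above can be resolved as follows in Python. This is an added example, not Contract Guardian code, and every user, group, role and permission identifier in it is hypothetical sample data. It also reports which group and role grant each permission, which is the view an access review needs.

```python
# Constructed sample data: role, group and user names are hypothetical.
ROLE_PERMISSIONS = {
    "contract_viewer": {"view_contract"},
    "contract_manager": {"view_contract", "add_contract", "change_contract"},
    "journal_auditor": {"view_journal", "export_journal"},
}
GROUP_ROLES = {
    "legal": {"contract_manager"},
    "compliance": {"contract_viewer", "journal_auditor"},
    "contractors": {"contract_viewer", "retired_role"},  # role never defined
}
USER_GROUPS = {"alice": {"legal"}, "bob": {"legal", "compliance"}, "carol": {"contractors"}}


def grants(user):
    """Map each permission the user holds to the (group, role) pairs granting it."""
    result = {}
    for group in sorted(USER_GROUPS.get(user, ())):
        for role in sorted(GROUP_ROLES.get(group, ())):
            # An undefined role grants nothing, so a typo cannot widen access.
            for perm in ROLE_PERMISSIONS.get(role, ()):
                result.setdefault(perm, []).append((group, role))
    return result


def is_allowed(user, permission):
    """Deny by default: unknown users, groups, roles or permissions get no access."""
    return permission in grants(user)


def users_with(permission):
    """Access-review view: who holds a permission, and through which group and role."""
    held = {user: grants(user).get(permission) for user in sorted(USER_GROUPS)}
    return {user: via for user, via in held.items() if via}


def dangling_roles():
    """(group, role) pairs where the group references a role that is not defined."""
    return {(g, r) for g, roles in GROUP_ROLES.items()
            for r in roles if r not in ROLE_PERMISSIONS}


if __name__ == "__main__":
    print(users_with("change_contract"))
    print(is_allowed("carol", "change_contract"))
    print(dangling_roles())
```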

 Password Length and Style: Conventional wisdom is that the additional complexity of special characters, symbols, numbers and a mix of upper and lower case makes a password almost hack-proof. That conventional wisdom is wrong! Character-for-character, password length is more important for security than complexity. Requiring complexity but allowing passwords to remain short makes passwords more vulnerable to attack than simply requiring easier-to-remember, longer passwords. Drop your 6-10 character complex passwords and replace them with long phrases. You will be safer and so will your contracts. Contract Guardian allows for virtually unlimited password length. Better yet, use a digital vault!

 Digital Vault: We encourage our clients to use one of the premier digital vaults for management of their passwords regardless of the application they are using. My personal preference is Features:

  • Only having one password to remember (LastPass will automatically log you into any of your browser-based applications)
  • Generation of Long, Strong Passwords: The LastPass password generator appears when you're creating an account or updating an existing one, so you have unique passwords that follow best security practices.
  • Record your most important information: Create secure notes for credit cards, insurance cards, memberships, WiFi logins, passports, driver's licenses, and more. Store the information you need to keep safe and private.
  • Multifactor Authentication: Recommended by industry experts, multifactor authentication adds a second login step when signing in to your LastPass account, so that your account is even more secure. Select one of the many multifactor authentication options we support to better protect your personal information.
  • Perform an Audit: Run the LastPass Security Challenge to check your progress, and identify areas where you can continue to improve your online security. LastPass also alerts you to weak and duplicate passwords as you're logging in to your accounts, so you can generate new ones immediately.

 Auto time-out: Make sure the system automatically times out after a reasonable period of time. This keeps someone else from using a computer while the user who walked away from it is absent.

 Audit Journal: You want to track the activity of the system and be able to search/report on that activity. Example: Contract Guardian assures you that you can record, search, report and be notified on any task/activity related to the management of your contracts. The journal of your contract management system activities allows:

Contract Journal Views:

  • All Journal items
  • Only Contract
  • Contract Notification Emails
  • Contract Workflows
  • Tasks for Contract Management
  • Manual Journal Entries

Each Transaction Provides:

  • Ability to zoom into the detail (Contract, Email message, Tasks assignment, etc.)
  • Identification of related document
  • Complete audit stamp: Date/Time/User that created, changed or deleted information related to your contracts
  • Title of the activity
  • Before and after contract meta data values
  • Export to Excel

If you follow the suggestions above, you will be well on your way to securing your contracts and access to the information.

About Contract Guardian

CG has clients in 43 States and 9 Countries. Our Contract Guardian contract management software has been a key part of our overall success. Hospitals and healthcare were the first clients to leverage this powerful product and then it spread to other industries.

For more information, please contact us.