absolutely have a Right to Audit in there. in fact, depending on the industry sector you are in, you may be required by LAW to do so in order to ensure the confidentiality of customer data (Medical, HIPAA; financial, Gramm-Leach-Bliley). let's put it this way. if it's not in there, you usually don't have a leg to stand on when you complain or try to sue them later. EVERYTHING should be specified in that contract, and I do mean, EVERYTHING.
>-----Original Message----- >From: [EMAIL PROTECTED] >Sent: Thursday, January 10, 2002 2:50 PM >To: [EMAIL PROTECTED] >Subject: Vendor Contract Computer Security Requirements > > > availability? Should the contract include a “Right to >audit” clause, disclosure agreement on proprietary >information, appropriate use guidelines for accessing >our company network and penalty for non- >compliance? Sorry for being so long winded. I hope >someone could point me in the right direction. Thanks >