Contract Management

This message was posted by a user wishing to remain anonymous

Anyone willing to share how do you manage software purchases? How do you track terms or know who accepts any terms on what date? We would like to create a document of some sort to complete when vendor owners find a software they want to buy, but also track the terms and have something on file that states the who and when.

Hi there

Managing this information for your users is a great idea. However, organizing the list could be tricky depending on how you approach your vendor management today. Hopefully, you are using a third-party risk management platform that allows for the indexing of product types and services. If that is the case, you could easily extract the product type information and create a software report for your users. Again, it depends on your system, but you could also include contact information for existing software products in that report.

As for new software products, it may be possible for you to leverage your process for new vendors. You may want to explore creating an inherent risk assessment specific to software purchases that can capture additional information, such as contract terms and if the software vendor provides a SBOM (software bill of materials.)

Those are my ideas, but I would love to hear how other members might approach this project.