Procurement, Legal, and Security Questions

Assemble a “procurement pack” so the deal doesn’t slip in the last week.

---

Learning Goal

• List procurement pack items (security, DPA, SLA, billing, signing).
• Prepare a one-page security/DPA summary.
• Create a legal/security checklist for meetings.
• Write an early-involvement template for legal/IT.
• Flag typical red flags (data path, access, compliance).
• Use AI to summarize policies.

---

Why It Matters

• Late legal/IT involvement causes slips.
• Clear security info reduces risk perception.
• Prepared pack speeds review.

---

Explanation

Procurement pack minimum

• Security one-pager (data, hosting, access, audit).
• DPA/SLA template.
• Billing/contract terms.
• Signature process (e-sign, contacts).

Involvement

• Call out legal/IT need during discovery.
• Send the security one-pager early.
• Book a review date.

---

Examples

Bad: Only after the proposal you discover DPA/security review.

Good: Send the one-pager post-discovery and book legal/IT review.

---

Guided Exercise (10–15 minutes)

1. Write your procurement pack list and fill what you have.
2. Draft a one-page security summary.
3. Write the involvement template for legal/IT.

Independent Exercise (5–10 minutes)

Send the one-pager on one live deal, book the review.

---

Self-check

• Procurement pack list ready.
• Security one-pager ready.
• Involvement template ready.
• Applied on one deal.

---

Optional Deep Dive

• Security one-pager template: https://www.notion.so/InfoSec-One-Pager-Template
• DPA basics: https://gdpr.eu/data-processing-agreement/