Agreements with foreign partners deserve special attention. Setting up clear agreements up front can help mitigate specific risks and provide a solid base to fall back on in case things do go wrong. When it comes to procurement and contracting there are also important knowledge security related risks. There are measures that can be taken to mitigate these risks provided they are identified in time.
Collaboration with foreign institutions or companies can come about in various ways. Once substantive or financial commitments are made, however, it is important for the agreements to be documented in some form. One common means of concluding a partnership is through a Memorandum of Understanding (MoU). Collaboration can also take the form of a research assignment awarded to a knowledge institution by a foreign contractor. Collaboration agreements provide a good starting point for considering opportunities and risks. The conclusion or renewal of an agreement, as well as the acceptance of new assignments, is the perfect opportunity to perform an analysis to help mitigate potential risks.
See the National Knowledge Security Guidelines for further information on what you need to look out for in a collaboration agreement.
Some contracts are accompanied by security risks. This depends on the type of product or service, the client and the company to which the contract is awarded. For example, depending on these factors, there may be a risk that high-value or sensitive knowledge and information will be leaked, that vital business processes will be disrupted or that strategic dependencies will arise. Examples include the outsourcing of digital infrastructure, cloud services and software or the replacement of systems that are used to store large amounts of personal data. In addition, some procurement assignments require physical access to sensitive locations, where it is appropriate to take protective measures.
When contracting out, it is therefore important to start by identifying the presence of any such risks. The National Security Quick Scan for Procurement and Contracting, developed by the Dutch central government, can help to identify risks in procurement and contracting. If the results of the quick scan indicate possible risks, a risk analysis must be performed. The findings can be used to take measures to mitigate risks.
