P200: Strategic Procurement

Risk mitigation trainings ramp up

Lively discussions were held amongst the 200+ attendees at the trainings held in January for the UC ‘Appendix DS’, which is required on any UC agreement or contract that includes UC information or data.

Sponsored by the Ethics/Compliance/Audit Services Department, two in-person sessions were held: one in Oakland for Northern California attendees, and one at UCI for Southern California attendees.  The audiences represented various functions within UC including Risk and Privacy Officers, Information Security, Information Technology, Business Contracts, Procurement Services, Medical Center personnel, and Legal.

After a presentation on the ‘What, Why, Where, and How’ of Appendix DS by Roslyn Martorano, Systemwide Privacy Manager; Jon Good, Director of Information Security; Kathleen Quenneville, Principal Counsel in the Office of General Counsel; and Dianne Yoder, Associate Director, Systemwide Strategic Sourcing, the attendees participated in a ‘hands-on’ negotiation of the terms of Appendix DS with a fictional supplier. This practical experience of understanding how to mitigate risk for the University turned out to be so successful that the attendees asked for extra time to continue the exercise. Attendees left the training with a new appreciation of why UC requires the provisions of Appendix DS, and how the inclusion of the provisions protects UC and the work done by all sectors of the University.

The Appendix DS training slide deck can be found on the secure UC Procurement Services training website. Contact Andrea.Tung@ucop.edu for the link.

The same presenters have been invited to make a similar presentation at the UCOP Risk Summit 2016, June 6-8, in Los Angeles. The presentation, titled “Don’t Need no Stinkin’ Data Security Agreement and other Contract Fairytales”, will include revised key contract documents for privacy and security: Appendix- Data Security & Privacy, Payment Card Industry addendum, and Appendix- Business Associate. They will cover when to use these and how the provisions protect UC’s interests.

Another training on the transformation from Business Associate Agreement to Appendix- Business Associate and annotated Appendix- BA is being planned. This training will start with a high-level webinar in May and follow up with an in-person “deep dive” (similar to the Appendix DS training) in the fall.

Dianne Yoder

Associate Director, Systemwide Strategic Sourcing