Third Party Management: Supplier Contract Review
Xcina Case Study

Third Party Management: Supplier Contract Review for National Charity

The client

A national charity supporting people with learning disabilities, autism and mental health needs.

The work

As part of our management of an end-to-end Request for Proposal (RFP) for a fully managed network solution and a new telecommunications system, we reviewed supplier contracts for fitness for purpose.

How we helped

Once the successful supplier was selected, we conducted a comprehensive review of the proposed contract for the supply of network management and telecoms solutions. The aim of the review was to ensure that third party risks (such as SLA breach, breach of contract, data breach, fraud, adverse media) were adequately catered for within the contract terms and conditions, and that the client had suitable legal recourse in the event the contract was not fulfilled. Our review identified a number of shortfalls and departures from good practice, and we were able to negotiate remedies for these into the contract on the client’s behalf. Specifically, this covered the Rights of Audit, a specific statement on service credits for SLA breach, an obligation for regular service reviews and reporting, and more comprehensive Data Protection clauses.

Value added

Firms habitually sign a supplier’s ‘vanilla’ contract as supplied. This is almost always set up in the supplier’s favour and commits the supplier to the bare minimum. Our knowledge of third party risk and extensive experience of technology contract review enabled timely adjustment of the contract in the client’s favour, and greater protection from third party risks, while the client was still in a position to influence the terms.

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer
