Companies’ widespread reliance on third-party data and payment processors lets them jettison their on-site infrastructure and focus more on their core missions, but it also exposes them to significant cybersecurity risk. Contracts such as data processing agreements can help limit liability and address the potential harm that a third-party breach or misuse of data can cause. We distill insights provided by Foley & Lardner, Vinson & Elkins and Woods Rogers partners during a recent program sponsored by Strafford CLE Webinars on vetting vendors and key considerations for third-party contract terms regarding the scope and nature of services, incident response and indemnification. See our two-part series on privacy and security provisions in vendor agreements: “Assessing the Risks” (Mar. 17, 2021); and “Key Data Processing Considerations” (Mar. 24, 2021).