Actions by third-party vendors with access to a company’s data are the cause of some of the most damaging breaches. Carefully vetting and monitoring those vendors is crucial to a strong cybersecurity program. At a recent panel at IAPP’s Global Privacy Summit, counsel from Under Armour, AOL and Unisys provided practical guidance on how to implement a comprehensive vendor management program. This article, the second installment in our coverage of the panel, includes fourteen key cybersecurity provisions to include in vendor contracts and the panelists’ strategies for monitoring the vendor relationship and for effective breach response. The first article in our series includes the panelists’ discussion of nine questions to ask vendors during the due diligence process and factors to consider before contract negotiations. See also “Learning From the Target Data Breach About Effective Third-Party Risk Management”: Part One (Sep. 16, 2015); Part Two (Sep. 30, 2015).