Contracts

  • 1 minute(s) read
Prev Next

Overview

SAFE TPRM’s Contract Analysis feature automatically reviews uploaded contracts and summarizes key risks, obligations, and missing controls. It gives users a clear snapshot of positives, negatives, and risk categories (Security, Privacy, Legal, Operational, AI) helping risk teams and procurement leads quickly assess vendor contracts without manual deep-dives.

The system also extracts expiry dates, stage (e.g., Draft, Negotiation, Fully Executed), and status (Active/Outdated), enabling better contract lifecycle management.

Accessing Contracts

To review or upload vendor contracts in SAFE, follow these steps:

  1. From the vendor list, click on the third-party whose contract you want to manage.

  2. Scroll right using the right arrow (>) until you find the Contracts card under the Assessment section.

  3. Click the Contracts card to open the contracts page.

  4. Upload a Contract:

    1. On this page, you can upload a contract file.

    2. SAFE allows only one contract per third-party.

    3. Drag and drop a contract file into the upload area to begin analysis.

  5. View Contract Summary:

    1. If a contract has already been uploaded, SAFE automatically displays its Contract Summary instead of the upload option.

    2. The summary includes key takeaways, identified risks, expiry date, stage, and contract status.

Understanding the Contract Summary

Once a contract is uploaded, SAFE generates a structured Contract Summary.

  • Key Takeaways

    • Positives (Green): Strong clauses and controls included in the contract.

    • Negatives (Red): Missing controls, compliance gaps, or high-risk areas that may require remediation.

  • Risk Categorization: Contracts are automatically classified under:

    • Security Risk – e.g., encryption, audit rights, incident response.

    • Privacy Risk – e.g., GDPR/CCPA compliance, data transfer terms.

    • Legal Risk – e.g., indemnity, liability, governing law.

    • Operational Risk – e.g., SLAs, continuity, change of control.

    • AI Risk – e.g., AI governance, ownership, model outputs.

  • Contract Metadata

    • Contract Expiry Date – Extracted automatically from the document.

    • Contract Stage – User-selectable (Draft, Negotiation, Fully Executed).

    • Contract Status – Automatically marked as Active or Outdated.

    • Uploaded By / At – Tracks user and timestamp for audit trail.

Dashboard widget for contract analytics

SAFE provides dedicated Contract Analytics dashboard widgets to give users real-time visibility into vendor contract health. These widgets help TPRM teams track contract distribution and anticipate renewals before risk exposure increases.

Available Widgets

  1. Organizations by Contract Status

    • Displays the count of vendors with Active and Expired contracts.

    • Helps users quickly identify vendors operating with outdated agreements.

  2. Organizations by Contract Expiry Date

    • Shows vendors with contracts expiring within a selected timeframe (Week/Month).

    • Includes contract status (Active/Expired) and stage (Pre-Contract, Negotiation, Fully Executed).

    • Enables proactive follow-up with vendors before contracts lapse.