You just signed up a big name cyber security company to come in and fix your cyber. Now what? They will fill the sky with consultants at a fantastic billing rate.

Here a checklist to keep you from getting burned:

Do not rush – take your time to line up your side of the table.

Does your vendor have remote access?

Are they authorized to access what you need for the gig?

Are you scrounging resources and documents? If so, stop and reschedule the gig.

Did your vendor provide a pre-engagement checklist? If not, get one. Finding a single IP address after the fact costs money.

Are roles and responsibilities clearly called out in the contract?

Are milestones listed as contract line items?

Does the contract include the words “any” or “all”? Re-word it or everyone will be angry because you do not have a clearly defined endpoint.

Is the handoff back to you clearly defined? Define the steps for a handoff.