Including specific security KPIs and obligations in a legally binding contract

Sending an email with a link to the company website

Trusting that the vendor is a large company and knows what it is doing

Buying licenses through an e-shop without reading the terms

A verbal agreement between the CTIO and the vendor's director