CRM LEGAL REVIEW CHECKLIST
Created by ChecklistGuro (https://checklistguro.com)

--- CONTRACTUAL AGREEMENTS ---
[ ] Contract Start Date
[ ] Contract Renewal Date
[ ] Contract Value (Annual)
[ ] Summary of Key Contract Terms
[ ] Uploaded Contract Document
[ ] Contract Type (e.g., Subscription, Perpetual) (Subscription, Perpetual)
[ ] Service Level Agreement (SLA) Status (Active, Review Required, Outdated)
[ ] Description of Data Processing Agreement (DPA) Scope

--- DATA PRIVACY COMPLIANCE ---
[ ] Applicable Data Privacy Regulations (GDPR, CCPA, PIPEDA, Other)
[ ] Data Categories Processed (Personal Data, Sensitive Personal Data, Financial Data, Health Data, Other)
[ ] Last Data Privacy Impact Assessment Date
[ ] Description of Data Minimization Practices
[ ] Consent Mechanism Used (Explicit Consent, Implied Consent, No Consent Required)
[ ] Description of Data Subject Rights Procedures
[ ] Number of Data Subject Access Requests Received Last Year
[ ] Data Processing Agreement (DPA) - Upload

--- SECURITY AND ACCESS CONTROLS ---
[ ] Maximum Login Attempts Before Lockout
[ ] Multi-Factor Authentication (MFA) Enabled? (Yes, No, Partial (some users))
[ ] Password Complexity Requirements Defined? (Yes, No)
[ ] Access Control List (ACL) Document
[ ] Least Privilege Principle Applied? (Yes, No, Under Review)
[ ] Session Timeout Duration (minutes)
[ ] Description of Role-Based Access Controls

--- INTELLECTUAL PROPERTY RIGHTS ---
[ ] Software License Verification
[ ] Documentation of IP Ownership
[ ] Proof of Copyright Registration
[ ] Usage Rights Confirmation (Confirmed, Pending Review, Denied)
[ ] Copyright Expiration Date
[ ] Number of Licenses

--- EXPORT CONTROL COMPLIANCE ---
[ ] Is the CRM system or its data subject to export control regulations? (Yes, No, Unsure)
[ ] If Yes, please specify the relevant export control regulations.
[ ] Export License Number (if applicable)
[ ] Are any data categories considered 'controlled' or 'prohibited'? (Encryption Keys, Sensitive Financial Data, Military End-User Information, None)
[ ] Date of last export compliance review
[ ] Contact Person for Export Compliance
[ ] Summary of Export Compliance Training Provided to Relevant Personnel

--- TERMS OF SERVICE REVIEW ---
[ ] Summary of Key Usage Restrictions
[ ] Acceptable Use Policy Adherence (Fully Compliant, Mostly Compliant, Needs Review, Not Compliant)
[ ] Maximum API Call Limit Allowed
[ ] Expiration Date of Agreement
[ ] Description of Data Ownership Rights
[ ] Liability Clause Acceptability (Acceptable, Requires Negotiation, Unacceptable)

--- ACCESSIBILITY COMPLIANCE ---
[ ] WCAG Version Compliance (WCAG 2.0, WCAG 2.1, WCAG 2.2, Not Applicable/Auditing Pending)
[ ] Accessibility Testing Methods Performed (Automated Testing Tools, Manual Code Review, User Testing with Assistive Technology, Screen Reader Compatibility Testing, Keyboard Navigation Testing)
[ ] Number of Accessibility Issues Identified
[ ] Summary of Accessibility Remediation Plan
[ ] Date of Last Accessibility Audit
[ ] Screen Reader Compatibility Level (Fully Compatible, Partially Compatible, Not Compatible)

--- RECORD RETENTION POLICY ---
[ ] Record Retention Period (Years)
[ ] Applicable Legal or Regulatory Requirements (GDPR, CCPA, HIPAA, Industry-Specific Regulation, Internal Policy)
[ ] Detailed Description of Record Categories Covered
[ ] Date of Last Record Retention Policy Review
[ ] Exceptions to Standard Retention Periods (if any)
[ ] Storage Location of Records (On-Premise, Cloud Storage, Hybrid)

--- DATA SUBJECT RIGHTS REQUESTS ---
[ ] Request ID
[ ] Request Received Date
[ ] Requestor Description of Request
[ ] Request Type (Access, Rectification, Deletion, etc.) (Access, Rectification, Deletion, Restriction, Data Portability, Objection)
[ ] Initial Response Provided (Summary)
[ ] Response Due Date
[ ] Data Categories Involved (Contact Information, Financial Data, Usage Data, Purchase History)
[ ] Resolution Details & Explanation
[ ] Request Closure Date
[ ] Request Status (Pending, In Progress, Resolved, Rejected)

--- DISASTER RECOVERY & BUSINESS CONTINUITY ---
[ ] RTO (Recovery Time Objective) in Hours
[ ] RPO (Recovery Point Objective) in Hours
[ ] CRM Vendor DR Testing Frequency (Annually, Semi-Annually, Quarterly, Ad-hoc, Not Applicable)
[ ] Last DR Test Date
[ ] Summary of Last DR Test Results
[ ] DR Test Scope (Data, Functionality, Integration) (Data Only, Functionality Only, Integration Only, Full Scope)
[ ] Copy of CRM Vendor DR Plan

--- END OF TEMPLATE ---