Inclusive culture starts with contract language

This blog post was authored by Michael Lyons - Managing Director, Security and Privacy on Protiviti's technology insights blog.

This post is the third and final in an occasional series about diversity in cybersecurity. Our first post discussed achieving diversity’s benefits in cybersecurity; the second explored the high cost of gender bias in cybersecurity.

Anyone who wins business via competitive bid may have noticed that requests for proposals (RFPs) increasingly feature instructions to adopt inclusive language in responses. Over the past several years, more and more potential customers are seeking cybersecurity partners whose values in the areas of diversity, equity and inclusion (DEI) correspond with their own. Sometimes, enterprises will provide examples of non-inclusive terminology and propose alternatives. Bidders who are new to the concept of inclusive language, however, should think twice about simply searching and replacing non-inclusive words and phrases to satisfy bidding requirements. They’ll want to make a sincere and substantive effort to align their values and embrace DEI as part of their cultures to take their place in a network of like-minded businesses.

Partners in inclusion

A bidder could respond to an RFP with the lowest price in the world, but if they are not a good cultural fit, they won’t win the business. An increasing number of business leaders have come to understand it’s more trouble than it’s worth to engage a trading partner who doesn’t align with enterprise values.

Businesses have grown increasingly connected as they’ve focused on core competencies. When a large company invites prospective suppliers to bid, they may be thinking about price and due dates; thinking, even, beyond the nuts-and-bolts requirements of any engagement and looking for partners to turn to consistently. They’re seeking to grow their networks and to build a circle of trust. They want these suppliers to represent them well, both in the work they do and in the products and services they deliver.

Engagements usually involve teams comprised of resources from both customers and suppliers. Individuals might work side-by-side for weeks or for years. Trust is easier to form with suppliers whose resources speak, work and act in the same inclusive way the customer values. That trust results in a happier and more productive team. The engagement often becomes the project of choice for customer and supplier resources alike.

Language, bias, culture

Firms seeking more inclusive language from their partners might even provide examples of non-inclusive language to avoid and offer alternatives to use in proposals and contracts. Nothing could be more straightforward than to search for outmoded, biased terminology and replace offending terms with a newer, neutral vocabulary. Making the more fundamental change that’s demonstrated by new behavior, however, is a more sincere, substantive and lasting fix.

The change that drives a cultural shift starts with acknowledging bias. Learning inclusive alternatives to the language people have always unthinkingly used is a great way to uncover bias. If prospective customers don’t provide their own examples — and even if they don’t explicitly request inclusive language — any business can start by studying inclusive alternatives to outmoded terms. The American Psychological Association (APA) has published inclusive language guidelines to promote equitable representation. In addition, information technology organisations at universities around the United States are working to eradicate the “racist, sexist, ageist, ableist, homophobic or otherwise non-inclusive language” that has characterised information technology, software and cybersecurity fields for years. As with any fundamental change, first attempts are merely a start, but learning about inclusive language builds awareness. Once an individual understands bias in language, they’ll continue to improve at using inclusive language and it becomes natural to them over time. For businesses, it can become part of daily operations.

Businesses have drifted away from doing business face-to-face. Now, and especially in the early days of a business relationship, RFPs might originate from procurement systems, and the bidder’s objective is only to advance to the next step in a selection process. The first words exchanged via RFP and proposal, therefore, carry information about a prospective supplier’s culture as well as surface meaning.

If the supplier proceeds in a firm’s selection process, prospective customers will have additional opportunities to get to know suppliers beyond any written response. This is when customers will be able to discern whether inclusive values are intrinsic to the supplier’s culture or only pasted on to the surface of proposal and contract language.

Once they are selected for an engagement, suppliers will want to show they live the inclusive values they extol. Team meetings, project planning, status reports and other communications about the initiative must continue to demonstrate and promote inclusivity of the team and the culture arising from team operations. This is when suppliers deliver on the promise that originates from contract and proposal language.

Inclusive language is the new price of entry

Any cybersecurity business that competes via competitive bidding (that is, any cybersecurity business) may already have noted prospective customers prefer and often require inclusive language in proposals and contracts. While some RFPs will actually specify inclusive language to replace outmoded terms, all suppliers have access to guidance on neutral alternatives. Language, however, is only the price of entry; suppliers who seek long relationships and who value broad business networks based on shared values will want to consider language to uncover biases and seek to address DEI in their own cultures.

Read the results of our new Global IT Executive Survey: The Innovation vs. Technical Debt Tug of War.

To learn more about our cybersecurity solutions, contact us.


Michael Pang
Michael is a managing director with over 20 years’ experience. He is the IT consulting practice leader for Protiviti Hong Kong and Mainland China. His experience covers cybersecurity, data privacy protection, IT strategy, IT organisation transformation, IT risk, post ...
Franklin Yeung
Franklin is a director with over 22 years’ experience in IT consulting, audit, and system implementation. He has experience in assisting organisations with IT/IS security, strategy, governance, risk management, internal controls, business continuity management, system ...

Featured insights