This policy describes rules and principles on how we manage supplier relationships in our organization.
The service manager and office manager are responsible for implementing the policy.
- The contract should contain our requirements for information security
- Access to data and conditions
- Service level agreement
- Compliance with relevant policies
- KPIs should be added to Suppliers
- If the supplier will process PII (personally identifiable information) on our behalf:
  - A data processing agreement (DPA) must be signed
  - The data should be located within the EU
- Suppliers should be assessed periodically, taking into account:
  - Performance (are we happy with them?)
  - KPI performance (are they living up to the expectations?)
  - Recent incidents (were they a party in a recent information security incident?)
Updated 8 months ago