This document defines the Third Party Security Policy for the Company.
The objective of the Third Party Security Policy is to define the Company’s information security management process for Third Parties that have access to, handle, process and/or store the Company’s Information.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. SUPPLIER IDENTIFICATION AND RISK MANAGEMENT
3.1 SUPPLIER RISK MANAGEMENT PROCESS
3.2 SUPPLIER IDENTIFICATION
3.3 INFORMATION GATHERING CHECKLIST
3.4 SUPPLIER RISK ASSESSMENT QUESTIONNAIRE
3.5 COMPLIANCE EVALUATION
3.6 ASSURANCE EVALUATION PROCESS
3.7 NON-COMPLIANCE AND RISK MANAGEMENT RESPONSE
4. ROLES AND RESPONSIBILITIES
4.1 COMPLIANCE RESPONSIBILITIES
4.2 RELATIONSHIP MANAGERS
4.3 THE COMPANY’S RELATIONSHIP MANAGER’S SECURITY RESPONSIBILITIES
4.4 THIRD-PARTY SUPPLIER MANAGER SECURITY RESPONSIBILITIES
5. CONTRACT MANAGEMENT
5.1 THIRD-PARTY CONTRACTS
5.2 CONTRACT EXEMPTIONS PROCESS
6. THIRD-PARTY ASSURANCE
6.1 RISK ASSESSMENTS
6.2 AUDITING
6.3 MONITORING
6.4 CHANGE MANAGEMENT PROCESS
7. EXCEPTIONS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION
Pages: 15
The objective of this document is to identify the boundaries for the Information Security Management System (ISMS) and detail the security structure in place to manage and control the ISMS for the Company.
This document highlights the standard requirements for Information Security Incident Handling within the Company.
The overall objective of the recruitment and selection process is to obtain, at optimal cost, the number and quality of employees required to satisfy the human resources needs of the Company, according to the approved hiring plan included in the budget.