A supplier agreement will be drawn up with all partners directly or indirectly involved in the processing of data. The aim is to ensure that there is no misunderstanding between the organization and the supplier of parties' obligations regarding to complying with security requirements.
The organization shall include in the supplier agreement, as appropriate:
The responsible person monitors significant changes in the supplier's operations that may affect the supplier relationship and service level, and thus require other measures. The following aspects are taken into account:
The processing agreement binds the actions of the data processor (such as the system vendor).
It can be important for us to ensure an important partner takes responsibility of e.g. access control (logging) and data recovery at the end of the contract according to our preferred policies.