A supplier agreement will be drawn up with all partners directly or indirectly involved in the processing of data. The aim is to ensure that there is no misunderstanding between the organization and the supplier of parties' obligations regarding to complying with security requirements.
The organization shall include in the supplier agreement, as appropriate:
A designated responsible person actively monitors the supplier's activities and services to ensure compliance with the security terms of the contracts and the proper management of security incidents.
Monitoring includes the following:
Data processing agreements bind the actions of a personal data processing partner.
It can be important for us to require an important partner to take care of e.g. ensuring the confidentiality requirements for its personnel and restricting the use of other processors of personal data in connection with our data.
The processing agreement binds the actions of the data processor (such as the system vendor).
It can be important for us to ensure an important partner takes responsibility of e.g. access control (logging) and data recovery at the end of the contract according to our preferred policies.