Vendor Risk Assessment

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (鈥淕eneral Data Protection Regulation鈥), controllers must only use processors that provide sufficient assurances regarding their capability to implement appropriate technical and organizational measures, ensuring that all processing activities are performed and secured in line with the legal requirements.

In this regard, PRIOR TO engaging the services of a processor, the controller must perform a thorough assessment of the processor鈥檚 capabilities to process the entrusted personal information in a secure and confidential manner, in accordance with the provisions of the General Data Protection Regulation (GDPR).

黑料网's Privacy and Information Security Global Third-Party Suppliers/Vendor Management Policy makes it mandatory for all new procured services, software and/or applications delivered by third-party service providers/vendors to undergo a preliminary risk evaluation initiated as part of the purchase requisition process and, among others, identify the key security, privacy and contractual requirements the third party will be required to meet.

Paper covered in writing between two keyboards with hand holding pencil over it

Procurement Policy Works in Unison With:

Paper covered in writing between two keyboards with hand holding pencil over it
  • Accounts Payable Policy
  • Travel and Expense Policy
  • Purchasing Card Policy and Procedures
  • Privacy and Information Security Global Third-Party Suppliers/Vendor Management Policy