Supplier/Processor list

Maintaining the supplier/processor list is one of the key security requirements for any orgranisation and is the list of all the suppliers and/or processor (or sub-processors) who are involved in a project or process. This means if your processor has a sub-processor ideally that sub-processor also needs to be in this list.

This document should ideally contain

  • Basic contact details
  • Exact relationship and what function they have in the process
  • Security steps undertaken, like NDA, security policy, privacy policy etc
  • Contracts signed
  • Exact data they have exposure
  • Medium used to transfer the said data
  • Countries the data is exposed for each supplier and all its sub-processor.

Having this list helps as it

  • Forms the basis for the data flow diagram which is also an important security documentation
  • Gives you a good overview of who and what data is being shared
  • Helps allow you in emergency situations to inform your supplier and sub processor
  • Forms the basis of many security document requirements
  • Helps easy review every 6 months, if a supplier is no longer used, one can easily see what data was exposed, and accordingly close those channels

Helping organisations build their supplier list along with a range of other important documents forms the foundation of our security audit. Please contact us if you have any questions.