Supplier/Processor list

Maintaining the supplier/processor list is one of the key security requirements for any orgranisation and is the list of all the suppliers and/or processor (or sub-processors) who are involved in a project or process. This means if your processor has a sub-processor ideally that sub-processor also needs to be in this list.

This document should ideally contain

- Basic contact details

- Exact relationship and what function they have in the process

- Security steps undertaken, like NDA, security policy, privacy policy etc

- Contracts signed

- Exact data they have exposure

- Medium used to transfer the said data

- Countries the data is exposed for each supplier and all its sub-processor.

Having this list helps as it

- Forms the basis for the data flow diagram which is also an important security documentation

- Gives you a good overview of who and what data is being shared

- Helps allow you in emergency situations to inform your supplier and sub processor

- Forms the basis of many security document requirements

- Helps easy review every 6 months, if a supplier is no longer used, one can easily see what data was exposed, and accordingly close those channels

Helping organisations build their supplier list along with a range of other important documents forms the foundation of our security audit. Please contact us if you have any questions.

Featured Posts
Recent Posts