

Supplier Profile
Supplier Name
Supplier Service
Contact Name
Contact Email Address
Contact Phone Number
(optional)
Does the supplier’s contract include the following list of Information Security controls?
- Data at-rest and in-transit protection
- Information Security awareness training for all staff with access to the Customer Information
- Cryptographic key management system
- Customer data breach notification
- Secure processes for management and disposal of Customer Information
- Limited access to the Customer Information based on the “Need to Know” and “Least Privilege” principles
Have you ever assessed the supplier's Information Security capabilities over the environment containing the Customer Information according to the requirements of an accepted security framework (e.g., ISO 27001, NIST Cybersecurity, PCI-DSS)?
Have you noticed any unresolved control weakness within the supplier environment that could have a major impact on the confidentiality or availability of the Customer Information?
Supplier Service
(optional)
Acknowledgement
Supplier Profile
Supplier Name
Industry
Contact Name
Contact Email Address
Onboarding Date
(optional)
Contact Phone Number
(optional)
Expiry Date
(optional)
Public Domain
(optional)
View Contract
(optional)
(optional)
Supplier Attestation Documents
Data Access
(Select if applicable)
Connected Primary Assets
Should the audit function review the evidence of control implementation?
How easy is it to replace the Supplier?
(optional)
Additional Comments