
Sample – Information Security Contract Standards for Supplier considerations

October 19, 2012

Supplier Contract Standards for Suppliers

Corporate’s business functions rely upon the integrity, confidentiality, and availability of its computer systems and the information assets stored within them. Responsibilities and procedures for the management, operation and security of all information processing facilities must be established.  This standard supports the stated objectives.

Supplier Technical Security Standards

Supplier Technical Security Standards must be complied with. These standards are contained in “Supplier Technical Security Standards.”

The technical, as opposed to business and contractual, standards required for suppliers are contained in the Supplier Technical Security Standard.

Supplier Classification Standard

The classification of suppliers into different categories of risk is contained in the Supplier Classification Standard.

Roles & Responsibilities

The Supplier is responsible for implementing all security and privacy requirements detailed in this standard in its contract and implementation of services.

The Corporate Business Owner is responsible for all actions of the Supplier. They are also responsible for ensuring that these provisions and requirements are implemented. The Corporate Customer is also responsible for any financial impact to Corporate’s brand, customers or data resulting from the Supplier’s failure to comply.

Messaging Policy.

The Information Security Department will assist End Users and IT Custodians in assessing, defining, implementing, managing and monitoring appropriate controls and security and privacy measures.

The Information Security Department will audit and review the adequacy of controls and security and privacy measures in place to measure and enforce conformance to this policy.

.

.

.  Etc…