All new suppliers are subject to a review process before being added to the supplier list. This review includes:
- Service provided
- Associated risks
- Security controls (where applicable)
- Security arrangements
- Certification
- Terms and conditions reviewed
- Tier categorisation
- Certification validation
- Supplier assessment document
- Appropriate contractual arrangements
Mitigating controls may be applied if appropriate - or if necessary, the supplier application will be rejected by the Management Team.
Non-disclosure and appropriate processing agreements are required for any service that has a bearing on information security or personal data; we require controls and security of equal quality to our own before a supplier can become approved.
We do not permit third party access to our network or systems, unless providing technical support.
Suppliers that are providing services where personal data is concerned are reviewed annually to ensure the contracts and any associated controls are adequate and compliant.
Any proposed changes to services are submitted to the Management Team for review before accepting. We reserve the right to audit key suppliers at any time.
Need further support?
If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.