Supplier Relationship Policy

Netspective Unified Process
 

Netspective Communications LLC ensures that information security is a priority through this policy. This policy applies to all IT service suppliers and users of information assets, regardless of location, and covers all Information Systems environments operated by or contracted with Netspective Communications LLC. [FII-SCF-025-TPM-01]

  • Mandate information security controls for suppliers who access information assets.

    • Identify the type of suppliers, such as cloud providers, logistics, and IT infrastructure component services.
    • Establish a standard process and cycle for supplier relationships, including bids, RFQ, RFI, tender, supplier selection, contract creation, supplier induction and delivery, and supplier relationship through audits, monthly meetings, and continual improvements.
    • Define the information that the supplier will access, and control and monitor that access.
    • Define minimum security requirements for supplier access and specify them in contracts.
    • Require suppliers to secure and protect Netspective Communications LLC information.
    • Monitor suppliers of Netspective Communications LLC on meeting information security requirements set out in contracts through monthly or quarterly reports.
    • Manage incidents caused by suppliers on Netspective Communications LLC information through the security incident management process.
    • Train the procurement team of Netspective Communications LLC on policies and procedures to be followed during supplier selection, contract development, and maintenance.
    • Ensure both parties sign contracts to control and protect information assets of Netspective Communications LLC.
    • Establish suitable Non-Disclosure Agreements with suppliers before awarding contracts.
  • Both parties establish and document supplier agreements with a clear understanding of information security and delivery expectations.

  • Netspective Communications LLC identifies the following items to be included in the contract:

    • Description of the information to be provided or accessed and methods of access.
    • Classification of the information based on the Netspective Communications LLC information asset scheme.
    • Legal or regulatory requirements that must be met to protect the information, intellectual property, and copyright.
    • Obligations of both parties (Netspective Communications LLC and the Supplier) to protect information.
    • Explicit list of supplier personnel who will access the Netspective Communications LLC information and their access details.
    • Conveyed incident management procedures to supplier personnel.
    • Specified training and induction requirements.
  • Specified right to audit supplier premises, planned or unplanned.

  • Mentioned conflict resolution procedures between Netspective Communications LLC and suppliers.

  • Required supplier to deliver monthly, quarterly, or on-demand reports of achievement, incidents, issues, and improvements.

  • Required supplier to comply with Netspective Communications LLC security requirements at all times until termination.

  • Defined business continuity or disaster recovery expectations from Netspective Communications LLC to the supplier.

  • Specified response and resolution times for incidents and requests.

  • Netspective Communications LLC should establish contracts with suppliers that cover information security risks in the communication technology supply chain.

    • Netspective Communications LLC should identify cloud-based suppliers for carrying out its business, and the supply chain of services from providers should be established.

    • Define information security requirements for the entire supply chain and establish a proper monitoring system of supplier components for all the critical components of the supply chain.

    • Ensure that the supplier provides assurance that the products and sub-systems are working or functioning as needed and monitor availability and risks associated with supplier components.

    • Netspective Communications LLC should monitor and review the supplier products and services.

    • Monitor the service performance level of the supplier as established in the contract.

    • Review the service reports received from Netspective Communications LLC suppliers for corrective actions and improvements.

    • Conduct timely planned and unplanned audits at the supplier.

    • Review supplier-related incidents, operational issues, failures to deliver, delays, and conflicts.

    • Ensure that the supplier maintains adequate capability at all times and meets the continuity expectations.

  • Ensure sufficient control and governance over the supplier for their products and deliveries.

  • Manage changes to the supplier, including information security policies and procedures, by following the points below through the change management process of Netspective Communications LLC:

    • Make changes in the contract explicit.
    • Keep track of changes in the products, services, and deliveries.
    • Monitor any new application development by the supplier.
    • Implement changes to any of the established controls.
    • Keep track of any changes in networks, technologies, databases, tools, and processes.
    • Monitor changes to any subcontractors or suppliers impacting the business.

Approved by Ajay Kumaran Nair on June 13, 2023

Last Updated by Sreejith K on June 13, 2023