Supplier Relationship Policy Compliance Quiz
9 Questions

Questions and Answers

Which department is responsible for commercial negotiation with suppliers?

  • Purchasing area (correct)
  • Proeza companies
  • IT Coordinators
  • Information Technology

What is the acronym for non-disclosure agreements?

  • SAPI
  • NDA (correct)
  • NDAE
  • IT

Who should contracts with service suppliers related to Information Technology be channeled through?

  • Purchasing area
  • Proeza companies
  • Purchasing and IT Coordinators
  • IT Coordinators (correct)

Which group is responsible for requesting and following up with the person in charge of generating the requisition?

  • Project leaders (correct)

What must be signed prior to the exchange of information with third parties during the selection or evaluation process of the supplier?

  • Confidentiality Agreement (NDA) (correct)

What must the selected supplier meet for the provision of the service during the contracting process?

  • Training plan for personnel (correct)

Which area is responsible for requesting a semi-annual report on the effectiveness of information security controls from service suppliers?

  • IT Coordinators (correct)

Who is responsible for carrying out a random review of at least 10% of supplier service contracts to validate their compliance with information security controls?

  • Information Security Specialists (correct)

What should the Purchasing area consider including in the contract if the platform is managed through the service provider?

  • All of the above (correct)

Study Notes

Information Security Management for Supplier Relationships Policy

  • The policy aims to establish guidelines for maintaining an appropriate level of information security for services contracted to third-party suppliers.
  • The policy applies to all suppliers offering IT services and technological platforms to companies within Grupo Proeza, S.A.P.I de C.V.
  • Contracts with IT service suppliers must be channeled through the IT Coordinators of Proeza companies.
  • IT Coordinators are responsible for ensuring that suppliers comply with information security controls based on corporate policies.
  • Economic proposals must be requested by the Purchasing area and commercial negotiation with suppliers is the responsibility of Purchasing.
  • IT Coordinators must define the scope and technical requirements of the service provider and have meetings with the Purchasing area.
  • Contracts with third parties handling Proeza company information must have appropriate contracts or non-disclosure agreements (NDA).
  • Coordinators or project leaders are responsible for requesting and following up on requisitions according to internal procedures.
  • Coordinators or project leaders must classify IT services based on information sensitivity and involve Information Security Specialists in the selection process.
  • Coordinators or project leaders must conduct a market analysis and verify references with clients before contracting service providers.
  • Purchasing must ensure that selected suppliers meet requirements such as training plans and information security controls.
  • Information Security Specialists must define security requirements and agreements with service suppliers according to the contracted service.

Description

Quiz: Information Security Management for Supplier Relationships Policy Compliance. Test your knowledge on the evaluation and contracting process of information technology services from suppliers. Assess your understanding of the internal policy and compliance requirements for maintaining information security in supplier relationships.
