Questions and Answers
Which department is responsible for commercial negotiation with suppliers?
What is the acronym for non-disclosure agreements?
Who should contracts with service suppliers related to Information Technology be channeled through?
Which group is responsible for requesting and following up with the person in charge of generating the requisition?
What must be signed prior to the exchange of information with third parties during the selection or evaluation process of the supplier?
What must the selected supplier meet for the provision of the service during the contracting process?
Which area is responsible for requesting a semi-annual report on the effectiveness of information security controls from service suppliers?
Who is responsible for carrying out a random review of at least 10% of supplier service contracts to validate their compliance with information security controls?
What should the Purchasing area consider including in the contract if the platform is managed through the service provider?
Study Notes
Information Security Management for Supplier Relationships Policy
- The policy aims to establish guidelines for maintaining an appropriate level of information security for services contracted to third-party suppliers.
- The policy applies to all suppliers offering IT services and technological platforms to companies within Grupo Proeza, S.A.P.I de C.V.
- Contracts with IT service suppliers must be channeled through the IT Coordinators of Proeza companies.
- IT Coordinators are responsible for ensuring that suppliers comply with information security controls based on corporate policies.
- Economic proposals must be requested by the Purchasing area, and commercial negotiation with suppliers is the responsibility of Purchasing.
- IT Coordinators must define the scope and technical requirements of the service provider and have meetings with the Purchasing area.
- Relationships with third parties handling Proeza company information must be covered by appropriate contracts or non-disclosure agreements (NDA).
- Coordinators or project leaders are responsible for requesting and following up on requisitions according to internal procedures.
- Coordinators or project leaders must classify IT services based on information sensitivity and involve Information Security Specialists in the selection process.
- Coordinators or project leaders must conduct a market analysis and verify references with clients before contracting service providers.
- Purchasing must ensure that selected suppliers meet requirements such as training plans and information security controls.
- Information Security Specialists must define security requirements and agreements with service suppliers according to the contracted service.
Description
Quiz: Information Security Management for Supplier Relationships Policy Compliance

Test your knowledge on the evaluation and contracting process of information technology services from suppliers. Assess your understanding of the internal policy and compliance requirements for maintaining information security in supplier relationships.