Supplier Relationship Policy Compliance Quiz

Questions and Answers

PDF Questions PDF Answers

Which department is responsible for commercial negotiation with suppliers?

Purchasing area (correct)

Proeza companies

IT Coordinators

Information Technology

What is the acronym for non-disclosure agreements?

SAPI

NDA (correct)

NDAE

IT

Who should contracts with service suppliers related to Information Technology be channeled through?

Purchasing area

Proeza companies

Purchasing and IT Coordinators

IT Coordinators (correct)

Which group is responsible for requesting and following up with the person in charge of generating the requisition?

Project leaders

What must be signed prior to the exchange of information with third parties during the selection or evaluation process of the supplier?

Confidentiality Agreement (NDA)

What must the selected supplier meet for the provision of the service during the contracting process?

Training plan for personnel

Which area is responsible for requesting a semi-annual report on the effectiveness of information security controls from service suppliers?

IT Coordinators

Who is responsible for carrying out a random review of at least 10% of supplier service contracts to validate their compliance with information security controls?

Information Security Specialists

What should the Purchasing area consider including in the contract if the platform is managed through the service provider?

All of the above

Study Notes

Information Security Management for Supplier Relationships Policy

• The policy aims to establish guidelines for maintaining an appropriate level of information security for services contracted to third-party suppliers.
• The policy applies to all suppliers offering IT services and technological platforms to companies within Grupo Proeza, S.A.P.I de C.V.
• Contracts with IT service suppliers must be channeled through the IT Coordinators of Proeza companies.
• IT Coordinators are responsible for ensuring that suppliers comply with information security controls based on corporate policies.
• Economic proposals must be requested by the Purchasing area and commercial negotiation with suppliers is the responsibility of Purchasing.
• IT Coordinators must define the scope and technical requirements of the service provider and have meetings with the Purchasing area.
• Contracts with third parties handling Proeza company information must have appropriate contracts or non-disclosure agreements (NDA).
• Coordinators or project leaders are responsible for requesting and following up on requisitions according to internal procedures.
• Coordinators or project leaders must classify IT services based on information sensitivity and involve Information Security Specialists in the selection process.
• Coordinators or project leaders must conduct a market analysis and verify references with clients before contracting service providers.
• Purchasing must ensure that selected suppliers meet requirements such as training plans and information security controls.
• Information Security Specialists must define security requirements and agreements with service suppliers according to the contracted service.

Description

Quiz: Information Security Management for Supplier Relationships Policy Compliance Test your knowledge on the evaluation and contracting process of information technology services from suppliers. Assess your understanding of the internal policy and compliance requirements for maintaining information security in supplier relationships.