Supplier Management

Third Party Services Providers

Updated over a month ago

The purpose of this section is to give a brief outline of the company’s procedures, controls and processes when using Third Party Services Providers (Suppliers). It includes an overview of the company’s procedures for supplier assessment, monitoring, performance, security and capabilities.

The use of third-party services is essential for the company to deliver the high-quality services its customers have come to expect.

Risk Assessment

Personally identifiable information (PII)

Any service that holds PII must comply with local regulation, for example GDPR, and with any customer contracts.

Data storage

Data must be stored in accordance with local regulation, for example GDPR, and applicable customer contracts.

Operational risk

  • Is the supplier critical for the company’s services delivered to its customers?

  • What happens if they're offline?

  • Who at the company would need to access the supplier service?

Oversight & monitoring

A plan for oversight and monitoring should be in place that takes the risk assessment of the third party service into account.

Cost & Approval

Any new supplier needs approval from the company’s management team together with risk and cost assessments. Any service that holds PII should also get the approval of the CPO.

Third Party Service provider database

All third-party service providers are added to the company’s database.
