Uprise Suppliers Security Policy
Objective and Scope
The purpose of this document is to define the rules for the relationship with suppliers, subcontractors and partners, in order to comply with the following statements:
• Establish professional collaboration partnerships that create long-term value for both parties, based on trust and mutual interest.
• Ensure that individual partners and external providers comply with Uprise policies and standards.
• Ensure that Uprise will not be associated with any type of anti-competitive or unethical agreement.
This document applies to all Partners and External Providers with the capacity to influence Management Systems, in terms of confidentiality, integrity and availability of the information within the scope of the ISMS, as well as in terms of product quality, software quality and delivery or customer management quality.
Uprise gives particular importance to data security. Existing and potential partners, as well as external providers, must therefore have appropriate controls to ensure that the confidentiality, integrity and appropriate availability of information are not compromised, and that these controls are maintained in accordance with Uprise Security Policy (see Information Security Policy). The reference standard for Uprise’s security policies is ISO27001, and partners and external providers shall comply with the principles of that standard.
Uprise is committed to continuously improving its quality management system and, to that end, ensures that partners and external providers’ processes, products and services do not adversely affect its ability to consistently deliver conforming products and services to its customers. Uprise determines the controls to be applied to externally provided processes, products and services and the criteria to be applied for their selection and evaluation. The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.
Information for Partners and External Providers
Uprise communicates to Partners and External Providers:
• ISMS and QMS policies and standards;
• The processes, products and services requirements;
• The competences needed, including any required qualification of persons;
• The interactions with the organization;
• Performance control and monitoring measures applied;
• Verification or validation activities that the organization, or its customer, intends to perform at the external providers’ premises.
Furthermore, clear contractual terms need to be established concerning legal obligations covering information security (e.g. data protection, copyright, encryption, etc.). It must also be implied that noncompliance with established policies may constitute a breach of contract and lead to termination of the contractual relationship. Partners and external providers must agree to and comply with the established requirements.