Vendor Checklist

A. Data/Information Security and Compliance

1 Processed the DataFlow Data only on the written instructions of DataFlow Yes/NA
Created internal security policy for team members and built awareness
Yes/NA
2 about data protection
3 Secured personal data through procedural and technical measures Yes/NA
Maintained complete and accurate records and information to
Yes/NA
4 demonstrate its compliance
Upon the disclosing party’s request, the receiving party has promptly
returned all Information and discontinued all further use of the Yes/NA
5 Information.

The Services are performed in a professional manner with high quality Yes/NA
6 and with integrity
Has all necessary rights, licenses and permits that are required to
Yes/NA
7 perform the Services in the concerned country.
Has complied to Anti-corruption, Anti Bribery, Data protection and all the
Yes/NA
8 applicable Local Laws of the concerned country.
Arranged periodic training to ensure compliance for all individuals
involved in service delivery and has executed certificates of compliance Yes/NA
9 internally
Has kept the information (digital & paper documents) safe and away
Yes/NA
10 from unauthorized users.
11 All the digital information of Dataflow group is password protected Yes/NA
12 All PC’s and laptops used are password protected Yes/NA
Latest antivirus should be installed on every mobile devices(PC’s ,
Yes/NA
13 Laptops,etc)
Data is secured and not copied to outside of the vendor’s immediate
Yes/NA
14 technology environment.
Vendor’s technology environment is approved for use by the DataFlow
Yes/NA
15 Information Security team.
16 Printed copies are only made where absolutely necessary. Yes/NA
Printed copies are handed in a secure way to ensure they are not mislaid
Yes/NA
17 or accidentally lost in transit.
Printed copies are shredded with a cross-cut shredder once verification
Yes/NA
18 is completed.

B. Service Deliverables

Document authentication and genuinity asked while taking the

Yes/No/NA
1 verification (either verbal or written)
2 Call Verbiage is being followed for all the verifications taken on call Yes/No/NA
All relevant information pertaining to the document to be verified taken
Yes/No/NA
3 from the verifier and is provided to the Dataflow teams
4 All the relevant proofs attached with the verification Yes/No/NA
 Complete Verifier information taken and provided including the
Yes/No/NA
5 designation, department and official contact details
6 Verification provided within timeframe Yes/No/NA
Complete verification history and documentation for all attempts
Yes/No/NA
7 provided as per Dataflow Standards
8 Followed the defined quality parameters Yes/No/NA

9 Contact made to the IA taken from a validated and genuine source Yes/No/NA

Attempts and follow ups done with the Issuing Authorities shared in a
Yes/No/NA
10 timely manner with the respective Dataflow teams.

11 Prior information shared in case of a delay in the verification Yes/No/NA

12 Site Visit Pictures with date and stamp taken for site visit verification Yes/No/NA
13 Service level Agreement is achieved Yes/No/NA

C. Invoicing

1 Invoice shared between 1st to 7th of every month Yes/No/NA

2 Invoice prepared is in a set Dataflow format Yes/No/NA
Any check in the invoice is not repeated and duplicated from the previous
Yes/No/NA
3 billed invoices
4 Invoices raised are based on the checks completed within the month Yes/No/NA
5 Provided valid Issuing Authority Fee Receipt if applicable Yes/No/NA
6 Fee per check is per agreement or approved fee Yes/No/NA
7 Accurate Bank account details provided Yes/No/NA