
R Systems International Ltd.

C-40, Sector 59
Noida 201 307
(U.P.), India
http://www.rsystems.com/

Supplier Relationship Policy

Document Id.: ISPolicy049

Version No.: 1.0

Released on: 18/07/17

This document of R Systems International Ltd. is for internal circulation. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any form or by any means – recording,
photocopying, electronic and mechanical without prior written permission of R Systems International Ltd.

Review History

S No.  Review Date  Reviewed By       Remarks
1      15/06/15     Manager QAG       Doc Changed and DCR raised
2      15/06/15     Sr. Manager QAG   Doc Changed and DCR raised
3      18/07/17     Sr. Manager QAG   Doc Changed and DCR raised
4      18/07/17     Sr. Manager QAG   No Change
5      30/07/19     Sr. Manager QAG   No Change
6      28/07/20     Sr. Manager QAG   No Change
7      20/07/21     Manager - QAG     No Change


Document Control Sheet

Document History
Ver. No.  Release Date  DCR Ref.      Description of Change                          Authored/Revised By  Reviewed By      Approved By
1.0       15/06/15      DCR/ISMS/122  New Document created as per ISO 27001:2013     ISMS Team            Manager QAG      CISO
1.0       15/06/15      DCR/ISMS/132  Annual Review – 22/6/16                        ISMS Team            Sr. Manager QAG  CISO
1.0       18/07/17      DCR/ISMS/136  Annual Review                                  ISMS Team            Sr. Manager QAG  CISO

Notes:
• Only controlled hardcopies of the document shall have signatures on them.
• This is an internal document. Unauthorized access or copying is prohibited.
• Uncontrolled when printed unless signed by approving authority.

© R Systems International Limited 2022


Table of Contents

1. Overview
2. Acronyms
3. Objective
4. Scope
5. Policy
©R Systems International Ltd Internal ISPolicy049

Supplier Relationship Policy

1. Overview

The Supplier Relationship Policy is an essential prerequisite to sound Information
Security Management. It aims to establish information security compliance
guidelines for all the departments of R Systems and the associated third party
service providers.

2. Acronyms

Acronym  Description
CISO     Chief Information Security Officer
RSI      R Systems International Ltd.

3. Objective

The purpose of this policy is to protect the company’s confidential information that is
accessible to third party service providers by preventing unauthorized disclosure,
modification, removal or destruction of information assets that may lead to
interruptions in business activities.

4. Scope

This policy applies to all employees and third party suppliers of RSI.

5. Policy

• Formal Risk Analysis (as per the process highlighted in the Procedure for
Supplier Relationship) shall be carried out by the engaging department of RSI
before third party personnel are allowed access to the IT systems and facilities.

• RSI shall ensure that formal information security requirements (as per Supplier
Relationship Procedure ISProc031) for third party access to, and operation of, the IT
systems and facilities are defined, documented and conveyed to the respective
departments and the third party service providers.

• A lifecycle for managing supplier relationships shall exist and be adhered to.

• Respective departments shall maintain a comprehensive listing of the third
parties engaged by R Systems (as per Supplier Relationship Procedure ISProc031).
These lists shall be reviewed annually by the CISO to ensure their completeness.

Version No: 1.0 Page 5 of 6 Release Date: 18/07/17



• RSI shall draw up and sign formal written contracts with all the third party service
providers and business partners (as per the process highlighted in the Procedure
for Supplier Relationship). These contracts shall include the Service Level
Agreement (SLA) identified, defined and agreed on for the respective service.

• A formal Non-Disclosure Agreement (NDA) shall be signed with the third party for
compliance with the information security requirements and the Information Security
Policy. Information security requirements for mitigating the risks associated with
the supplier's access to R Systems’ assets shall be agreed with the supplier and
documented in the Non-Disclosure Agreement (NDA).

• All relevant information security requirements shall be established and agreed
with each supplier that may access, process, store or communicate RSI’s
information or provide IT infrastructure components.

• Agreements with suppliers shall include requirements to address the information
security risks associated with all information and communications technology
services.

• Third Party Users, Suppliers and Contractors shall be made aware of Information
Security Roles and Responsibilities through communication of relevant
information security policies, information security awareness trainings and
signing of the Non-Disclosure Agreement (NDA).

• RSI shall monitor and review supplier service delivery on a quarterly basis
(as per Supplier Relationship Procedure ISProc031).

• Changes to the provision of services by suppliers, including maintaining and
improving existing information security policies, procedures and controls, shall be
managed (as per Supplier Relationship Procedure ISProc031),
taking account of the criticality of business information, systems and processes
involved and re-assessment of risks.

• RSI shall ensure that all the access rights defined, software installed and
data pertaining to RSI stored on third party storage media are removed on
the termination of third party services.

• Addressing Security in Third Party Agreements - Agreements with third
parties involving accessing, processing, communicating or managing RSI’s
information or information processing facilities, or adding products or services to
information processing, shall cover all relevant information security requirements.
Third party access to RSI’s information assets shall be based on a formally
executed contract. This contract shall stipulate that all employees or agents of the
third party are required to comply with all the relevant requirements of RSI’s
Information Security Policies.
