Special note on the RGPD: If you are considering a contract with a supplier subject to the European Economic Area`s (EEA) General Data Protection Regulations (GDPR), the contract must contain an RGPD appendix. Work with the UCSC Business Contracts Office to ensure that the contract contains this agreement. RGPD Resources (Notification Required) Third parties are required to report suspected security incidents to U-M and meet all event-related regulatory requirements based on the nature of the data involved. You must notify the university of an offence that may affect U-M data by following the schedule of the Security Incident Information Report (SPG 601.25). This document describes the policy under which third parties or organizations link to or access network resources on XXX networks for transactions related to KDCC or other authorized business transactions. The following U-M information security standards contain additional third-party provisions that are incorporated into this standard by reference: All new extranet connectivity will be processed by the Office of IT Manager. The purpose of the audits is to ensure that each access best meets commercial requirements and that the principle of least access is respected. To ensure that third-party suppliers and suppliers meet the information security standards required by the university and its department, department or department, you must: contractual agreements with existing third parties must be audited to ensure that they are appropriate. If, after verification, they prove insufficient, you should renegotiate them as soon as possible. The most appropriate mechanism for maintaining this security depends on the type of information and information security requirements. The information security team can provide advice and facilitate evaluation and audit activities. Third-party compliance monitoring is important because it ensures that university information is properly secured.
This should be done at regular intervals by: Due Diligence, as it relates to information security, is the process by which you evaluate the information security control agreements of third parties or potential providers. These agreements must ensure that the information provided by universities is properly guaranteed and that information management rules are respected. The security information team has developed a third-party self-assessment tool called the Third Party Security Assessment (TPSA), as well as a user manual. The information security team can help you interpret the results. A safe pair of hands or weak link? Before entrusting confidential information to a partner or supplier, you need to be sure that it can and will be protected from attack. In all situations, U-M units and all employees, employees and employees must follow the third-party security and compliance process in which a third-party provider must access or share U-M data. Potential suppliers or U-M units are required to submit and/or accept the documents listed in Table 2. The element of the toolkit specifically dedicated to information security is that units are encouraged to develop internal third-party reassessment processes when significant changes are made to an existing lender relationship, for example. B changes in the nature of the data the provider accesses (for example.
B data classified as moderate or high) or the nature of the services provided.