The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.
The processors of personal data (e.g. providers of data systems, other partners using our employee or customer data) and the agreements related to the processing of personal data have been documented. The documentation includes e.g.: