Whenever new data systems are acquired, a pre-defined procurement process and rules are followed. The rules ensure that the supplier is able to guarantee an adequate level of security, taking into account the priority of the system.
Whenever new data systems are acquired or developed, pre-defined security rules are followed, taking into account the priority of the system. The rules ensure that adequate measures are taken to ensure the security of the data and data processing in the system.
The organization has defined the certifications or standards required of key partners. Commonly recognized standards related to cyber security include:
Certifications required from partners can make organization's own partner management more efficient and provide good evidence of a particular level of security or privacy of the partner.
Determined system portfolio management means a clear picture of the organization's system as a whole, the benefits of different systems and future needs.
The aim of system portfolio management is to achieve e.g.:
The processing agreement binds the actions of the data processor (such as the system vendor).
It can be important for us to ensure an important partner takes responsibility of e.g. access control (logging) and data recovery at the end of the contract according to our preferred policies.