A supplier agreement will be drawn up with all partners directly or indirectly involved in the processing of data. The aim is to ensure that there is no misunderstanding between the organization and the supplier of parties' obligations regarding to complying with security requirements.
The organization shall include in the supplier agreement, as appropriate:
Minimum security requirements have been set for partner companies handling our confidential information and these have been included in supplier agreements. Requirements vary depending on how critical information the partner handles.
It makes sense for requirements to consist of rules and practices that are followed in your own organization. You can divide the requirement levels into low, medium and high risk suppliers.