A supplier agreement will be drawn up with all partners directly or indirectly involved in the processing of data. The aim is to ensure that there is no misunderstanding between the organization and the supplier of parties' obligations regarding to complying with security requirements.
The organization shall include in the supplier agreement, as appropriate:
The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.