In today’s era many businesses rely on outside companies, known as third party organizations, to handle their data or services. Some examples might include vendors, marketing firms, recruiting organizations and other external entities.
In these instances, it’s likely that third party vendors might collect, store or refer to confidential or sensitive information regarding the business or its customers. In order to ensure customer data and business processes remain protected and operational it’s import to vet third party companies to ensure the best results are obtained from such associations.
The purpose of this policy is to provide guidelines for establishing qualified third party vendors with whom to do business and what requirements or regulations should be imposed upon their operational processes.
This policy can be customized as needed to fit the needs of your organization. This policy supports the existing federal/state laws as they apply to third party vendors, but shall not replace any potential changes in current or future compliance components levied against third party vendors through statute, law, or contract. It is recommended that any such changes be incorporated into this policy.
From the policy
All employees, whether full-time, part-time, contract workers, consultants, part-time staff, interns and temporary workers and other personnel are covered by this policy. It also applies to all company-owned equipment, employee-owned equipment used to conduct company business or material related thereto.