Policy for Managing Third-Party Vendors from Supply Chain Risks and Vulnerabilities
Last updated: 01 December 2022
Ref: ec62d945-d031-403c-84f7-fd5d7fb5613e
Purpose and Scope:
1. Liqvid PTE. LTD. is committed to protecting the confidentiality, integrity, and availability of its information assets. The organization recognizes that third-party vendors may have access to sensitive information and can introduce vulnerabilities into the organization's systems and networks. This policy outlines the process and controls for managing third-party vendors to mitigate supply chain risks and vulnerabilities.
Definitions:
2. Third-Party Vendor: Any organization or individual that provides goods or services to Liqvid PTE. LTD.
Supply Chain Risks: The risks associated with the use of third-party vendors, including but not limited to unauthorized access, data breaches, and cyber-attacks.
Policy:
3.1. Third-Party Vendor Selection and Evaluation:
i. Liqvid PTE. LTD. will evaluate potential third-party vendors based on their ability to meet the organization's information security requirements and standards.
ii. The organization will assess the vendor's information security controls, policies, and procedures to ensure they align with Liqvid PTE. LTD.'s security objectives.
iii. Liqvid PTE. LTD. will include appropriate security requirements and standards in contracts with third-party vendors.
iv. The organization will review and verify the vendor's security controls periodically and as needed.
3.2. Third-Party Vendor Management:
i. Liqvid PTE. LTD. will identify and classify third-party vendors based on the level of access they have to the organization's information assets.
ii. The organization will ensure that third-party vendors comply with Liqvid PTE. LTD.'s information security policies and procedures.
iii. Liqvid PTE. LTD. will monitor third-party vendors' access to information assets and will terminate access when no longer necessary.
iv. The organization will maintain an up-to-date inventory of third-party vendors and their access rights to Liqvid PTE. LTD.'s information assets.
3.3. Third-Party Vendor Incident Response:
i. Liqvid PTE. LTD. will establish an incident response plan for third-party vendor incidents.
ii. The organization will require third-party vendors to report any security incidents to Liqvid PTE. LTD. as soon as they become aware of them.
iii. Liqvid PTE. LTD. will investigate any security incidents involving third-party vendors and take appropriate actions to mitigate the risks.
iv. The organization will terminate contracts with third-party vendors if they fail to comply with Liqvid PTE. LTD.'s information security policies and procedures.
3.4. Training and Awareness:
i. Liqvid PTE. LTD. will provide training to employees who work with third-party vendors to ensure they understand their roles and responsibilities in managing supply chain risks.
ii. The organization will educate third-party vendors on Liqvid PTE. LTD.'s information security policies and procedures and require them to acknowledge their understanding and compliance with these policies and procedures.
3.5. Continuous Improvement:
i. Liqvid PTE. LTD. will review and update this policy periodically to ensure it aligns with the organization's information security objectives.
ii. The organization will assess the effectiveness of its third-party vendor management program regularly and take corrective actions as necessary.
Whistleblower Hotline:
4. Liqvid PTE. LTD. encourages employees, customers, and third-party vendors to report any suspected supply chain risks or vulnerabilities through its whistleblower hotline at allert@liqvid.io. Reports may be made anonymously, and all reports will be investigated and appropriately addressed.
Compliance:
5. Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract with Liqvid PTE. LTD.
Approved By:
Information security manager
Liqvid PTE. LTD.
Maksim Panasenko
mp@liqvid.io