Creating a policy to evaluate the Third Party Security

aelgum · Feb 11, 2015

Hi Group.

Good day.

As part of policy creation am creating a policy to Evaluate the Third Party security.

Can anyone share any templates or provide the inputs what needs to be considered to evaluate the Third Party Security?

Regards
Ajay

Gmzita · Feb 12, 2015

Ajay -

I saw your post and didn't know if this would be useful for you at all. Our company is involved in the C-TPAT program for the US Customs Dept. It deals with importing foreign goods and maintaining security for incoming goods. We primarily deal with Manufacturers so our survey is based on US Customer requirements tailored to that group - but they have many more - see http://www.cbp.gov/border-security/...hip-against-terrorism/apply/security-criteria

I attached the generic survey we use for Manufacturers - maybe you can pull some ideas from it or find what you need at the above website. We typically ask the manufacturer to complete the survey and then send someone from our facility to verify their responses. Once it is on file then we have a simpler form that we use for three year review cycle. It simply asks for the basic information and whether or not there have been any changes. If there have been, then we ask for a description and re-verify with a site visit. If none - then we just keep it on file.

Let me know if this helps.
~ Geralyn

aelgum · Feb 12, 2015

Thank you..
Appreciate the help

Richard Regalado · Feb 17, 2015

Hello again.

Writing a policy? Have you assessed the risk coming from 3rd-party security? If not, I suggest you do the risk assessment first. After all, the course of action embodied on your policy is related to your risk.

There are many templates in the Net but you have to customize it to your organization and one way of addressing your specific needs is via assessing your risks.

Cheers!
Richard

infosaas · Mar 10, 2015

Richard has hit the nail on the head. A policy document on third party security should set out the requirements and expectation on the third party, the data they use, their method of communications, there own responsibilities to protect data, retain ISO27001 certification etc.

That is only half of the story. How have your existing risk assessments been completed with regards to:

- transmission of data to/from third parties
- third party confidentiality clauses that protect you as the customer
- the integrity of their services - what if they suffer a hack or data breach
- what happens when third party personnel leave?
- any assets (data or tangible) supplied to the third party
- their own business/service continuity arrangements
- etc. etc. etc.

Policy sets directions. Risk assessment demonstrates whether or not security activities and controls are effective. You need a combination of both.

Thread starter	Similar threads	Forum	Replies	Date
G	Creating a "Records Policy" - Control of Quality Records	Records and Data - Quality, Legal and Other Evidence	13	Jan 13, 2010
R	Accelerated Aging - Creating test samples - Implantable medical device Question	Other Medical Device Related Standards	4	Aug 31, 2020
L	Hazardous Waste - Tips for creating standardized training	Miscellaneous Environmental Standards and EMS Related Discussions	2	Oct 31, 2019
M	Informational Creating a post market surveillance (PMS) system for medical devices – Part 1	Medical Device and FDA Regulations and Standards News	7	Oct 8, 2019
J	Sample size for creating a data base as a reference to a tested variable	Other Medical Device and Orthopedic Related Topics	6	Aug 12, 2019
8	Creating Flow and Pull Game	Lean in Manufacturing and Service Industries	1	Jul 5, 2019
B	Main responsibility for Control Plans - creating and maintaining	FMEA and Control Plans	15	Jun 5, 2019
	Creating a new commercial product based on a modification to an existing product	Other US Medical Device Regulations	4	Apr 14, 2019
R	Creating WIs for a Heavy Civil Engineering Services company	Document Control Systems, Procedures, Forms and Templates	19	Nov 1, 2018
M	Creating a Plant Level Value Stream Map	Process Maps, Process Mapping and Turtle Diagrams	1	Oct 19, 2018
T	IMDS - Creating an MDS out of material and a made item?	RoHS, REACH, ELV, IMDS and Restricted Substances	4	Feb 20, 2018
D	How do I go about creating document logs and registers with the MS Excel	Excel .xls Spreadsheet Templates and Tools	2	Jan 3, 2018
W	ISO9001:2015 - Clause 7.5.2 - Requirements for Creating & Updating Documents	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	6	Dec 2, 2016
K	Creating together Standard Definition for Prevention and Detection FMEA	FMEA and Control Plans	1	Oct 16, 2016
	Creating an Internal Audit Program That Works for Your Organization	Internal Auditing	0	Jun 27, 2016
M	Creating change / Forcing change within a Company	Lean in Manufacturing and Service Industries	7	Mar 24, 2015
S	Creating goals and objectives with targets and measurables for self-evaluations	Management Review Meetings and related Processes	2	Jan 30, 2015
L	Creating a xlsx Customer Complaint file to track Complaints	Excel .xls Spreadsheet Templates and Tools	2	Dec 10, 2014
S	When creating a 510k, which Guidance Document Wins?	Other US Medical Device Regulations	9	Oct 3, 2014
P	GS1 NHRN AIs - Creating Barcodes for Human Product	Other ISO and International Standards and European Regulations	4	Apr 4, 2014
O	Creating a Tool to Track & Verify Mistake Proofing Devices	Document Control Systems, Procedures, Forms and Templates	5	Mar 27, 2014
B	Any suggestion on creating the best paper plane that can hit a target perfectly?	Coffee Break and Water Cooler Discussions	2	Oct 2, 2013
P	Creating a PPAP document for my Suppliers	APQP and PPAP	1	May 7, 2013
L	Any recommendations on software for creating hierarchical workflows ?	Misc. Quality Assurance and Business Systems Related Topics	2	Mar 29, 2013
	Creating Global Giants from a Culture of Israeli Start-Ups	Coffee Break and Water Cooler Discussions	0	Feb 27, 2013
R	Creating a c-chart spreadsheet to use in my department	Excel .xls Spreadsheet Templates and Tools	5	Jan 30, 2013
R	Inspection Database Picker - Creating an Inspection Report	Document Control Systems, Procedures, Forms and Templates	1	Nov 16, 2012
P	Problem with creating VSM current map	Lean in Manufacturing and Service Industries	3	Jul 23, 2012
G	Creating an Organization Chart - AS9100	AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements	5	Jul 19, 2012
L	Creating DHF (Design History File) for Medical Device Systems	Design and Development of Products and Processes	8	Jul 10, 2012
Q	Recommendations for criteria on creating a CAPA (Corrective and Preventive Action)	ISO 13485:2016 - Medical Device Quality Management Systems	8	Jun 26, 2012
C	Creating a Multiple Table SQL (Structured Query Language) Query in Minitab	Using Minitab Software	10	Jun 15, 2012
C	Resources for creating Process Validation Procedures	Qualification and Validation (including 21 CFR Part 11)	5	May 15, 2012
B	Creating an Audit Mechanism (System/Plan)	General Auditing Discussions	3	Apr 27, 2012
A	Customer Profiles - Creating a Customer 'Profile' for our Top 10 Customers	Document Control Systems, Procedures, Forms and Templates	2	Oct 20, 2011
M	Creating an Index for our Documents - Imaging Millions of Paper Records	Document Control Systems, Procedures, Forms and Templates	13	Jul 6, 2011
N	ISO 9001 based Audit Schedules: Creating and Maintaining - Template wanted	General Auditing Discussions	5	May 17, 2011
P	Creating a Traceability Database with Microsoft Access	Document Control Systems, Procedures, Forms and Templates	7	Feb 7, 2011
V	Creating a Cosmetic Inspection Specification for Powder Coated Painted Finished Parts	Manufacturing and Related Processes	7	Nov 15, 2010
I	Difficulty in creating a Quality Manual	Quality Management System (QMS) Manuals	4	Sep 5, 2010
J	Creating an Audit Schedule & Revamping QMS	Internal Auditing	18	May 27, 2010
L	How can you capture many positions held without creating a lengthy resume	Career and Occupation Discussions	4	Apr 24, 2010
	Intro to MSA of Continuous Data - Part 10: Creating gauge families	Imported Legacy Blogs	10	Mar 18, 2010
E	Manufacturing Planning - Creating Improvements	Misc. Quality Assurance and Business Systems Related Topics	7	Feb 3, 2010
R	Creating Quality System and using it before it is complete	ISO 13485:2016 - Medical Device Quality Management Systems	8	Jan 22, 2010
C	Creating a Micro QMS - 4 geographical sites and 3 types of core activities	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	2	Nov 12, 2009
S	Sources for Tips, Quotes with Graphics to be used for Creating Awareness?	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	1	Oct 11, 2009
R	The difference between Deviation and Failure - Creating an SOP to handle them	Food Safety - ISO 22000, HACCP (21 CFR 120)	24	Mar 23, 2009
A	Creating a Control Plan from scratch	FMEA and Control Plans	3	Mar 16, 2009
M	Problem creating a Macro in Minitab	Using Minitab Software	4	Dec 31, 2008

Creating a policy to evaluate the Third Party Security

aelgum

Gmzita

Attachments

aelgum

Richard Regalado

infosaas

Similar threads