Creating a policy to evaluate the Third Party Security

A

aelgum

Hi Group.

Good day.

As part of policy creation am creating a policy to Evaluate the Third Party security.

Can anyone share any templates or provide the inputs what needs to be considered to evaluate the Third Party Security?

Regards
Ajay
 
G

Gmzita

Ajay -

I saw your post and didn't know if this would be useful for you at all. Our company is involved in the C-TPAT program for the US Customs Dept. It deals with importing foreign goods and maintaining security for incoming goods. We primarily deal with Manufacturers so our survey is based on US Customer requirements tailored to that group - but they have many more - see http://www.cbp.gov/border-security/...hip-against-terrorism/apply/security-criteria

I attached the generic survey we use for Manufacturers - maybe you can pull some ideas from it or find what you need at the above website. We typically ask the manufacturer to complete the survey and then send someone from our facility to verify their responses. Once it is on file then we have a simpler form that we use for three year review cycle. It simply asks for the basic information and whether or not there have been any changes. If there have been, then we ask for a description and re-verify with a site visit. If none - then we just keep it on file.

Let me know if this helps.
~ Geralyn
 

Attachments

  • C-TPAT Vendor Survey.doc
    59.5 KB · Views: 217

Richard Regalado

Trusted Information Resource
Hello again.

Writing a policy? Have you assessed the risk coming from 3rd-party security? If not, I suggest you do the risk assessment first. After all, the course of action embodied on your policy is related to your risk.

There are many templates in the Net but you have to customize it to your organization and one way of addressing your specific needs is via assessing your risks.

Cheers!
Richard
 
I

infosaas

Richard has hit the nail on the head. A policy document on third party security should set out the requirements and expectation on the third party, the data they use, their method of communications, there own responsibilities to protect data, retain ISO27001 certification etc.

That is only half of the story. How have your existing risk assessments been completed with regards to:

- transmission of data to/from third parties
- third party confidentiality clauses that protect you as the customer
- the integrity of their services - what if they suffer a hack or data breach
- what happens when third party personnel leave?
- any assets (data or tangible) supplied to the third party
- their own business/service continuity arrangements
- etc. etc. etc.

Policy sets directions. Risk assessment demonstrates whether or not security activities and controls are effective. You need a combination of both.
 
Thread starter Similar threads Forum Replies Date
G Creating a "Records Policy" - Control of Quality Records Records and Data - Quality, Legal and Other Evidence 13
T Errors & Omissions in Creating QMS Procedures AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
S Creating a Quality culture! AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
Y Creating Equipment qualification protocol Qualification and Validation (including 21 CFR Part 11) 2
R Accelerated Aging - Creating test samples - Implantable medical device Question Other Medical Device Related Standards 4
L Hazardous Waste - Tips for creating standardized training Miscellaneous Environmental Standards and EMS Related Discussions 2
M Informational Creating a post market surveillance (PMS) system for medical devices – Part 1 Medical Device and FDA Regulations and Standards News 7
J Sample size for creating a data base as a reference to a tested variable Other Medical Device and Orthopedic Related Topics 6
8 Creating Flow and Pull Game Lean in Manufacturing and Service Industries 6
Booker Main responsibility for Control Plans - creating and maintaining FMEA and Control Plans 15
shimonv Creating a new commercial product based on a modification to an existing product Other US Medical Device Regulations 4
R Creating WIs for a Heavy Civil Engineering Services company Document Control Systems, Procedures, Forms and Templates 19
M Creating a Plant Level Value Stream Map Process Maps, Process Mapping and Turtle Diagrams 1
T IMDS - Creating an MDS out of material and a made item? RoHS, REACH, ELV, IMDS and Restricted Substances 4
D How do I go about creating document logs and registers with the MS Excel Excel .xls Spreadsheet Templates and Tools 2
W ISO9001:2015 - Clause 7.5.2 - Requirements for Creating & Updating Documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
K Creating together Standard Definition for Prevention and Detection FMEA FMEA and Control Plans 1
Marc Creating an Internal Audit Program That Works for Your Organization Internal Auditing 0
M Creating change / Forcing change within a Company Lean in Manufacturing and Service Industries 7
S Creating goals and objectives with targets and measurables for self-evaluations Management Review Meetings and related Processes 2
L Creating a xlsx Customer Complaint file to track Complaints Excel .xls Spreadsheet Templates and Tools 2
S When creating a 510k, which Guidance Document Wins? Other US Medical Device Regulations 9
P GS1 NHRN AIs - Creating Barcodes for Human Product Other ISO and International Standards and European Regulations 4
O Creating a Tool to Track & Verify Mistake Proofing Devices Document Control Systems, Procedures, Forms and Templates 5
B Any suggestion on creating the best paper plane that can hit a target perfectly? Coffee Break and Water Cooler Discussions 2
P Creating a PPAP document for my Suppliers APQP and PPAP 1
L Any recommendations on software for creating hierarchical workflows ? Misc. Quality Assurance and Business Systems Related Topics 2
AnaMariaVR2 Creating Global Giants from a Culture of Israeli Start-Ups Coffee Break and Water Cooler Discussions 0
R Creating a c-chart spreadsheet to use in my department Excel .xls Spreadsheet Templates and Tools 5
R Inspection Database Picker - Creating an Inspection Report Document Control Systems, Procedures, Forms and Templates 1
P Problem with creating VSM current map Lean in Manufacturing and Service Industries 3
G Creating an Organization Chart - AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
L Creating DHF (Design History File) for Medical Device Systems Design and Development of Products and Processes 8
Q Recommendations for criteria on creating a CAPA (Corrective and Preventive Action) ISO 13485:2016 - Medical Device Quality Management Systems 8
C Creating a Multiple Table SQL (Structured Query Language) Query in Minitab Using Minitab Software 10
C Resources for creating Process Validation Procedures Qualification and Validation (including 21 CFR Part 11) 5
B Creating an Audit Mechanism (System/Plan) General Auditing Discussions 3
A Customer Profiles - Creating a Customer 'Profile' for our Top 10 Customers Document Control Systems, Procedures, Forms and Templates 2
M Creating an Index for our Documents - Imaging Millions of Paper Records Document Control Systems, Procedures, Forms and Templates 13
N ISO 9001 based Audit Schedules: Creating and Maintaining - Template wanted General Auditing Discussions 5
P Creating a Traceability Database with Microsoft Access Document Control Systems, Procedures, Forms and Templates 7
V Creating a Cosmetic Inspection Specification for Powder Coated Painted Finished Parts Manufacturing and Related Processes 7
I Difficulty in creating a Quality Manual Quality Management System (QMS) Manuals 4
J Creating an Audit Schedule & Revamping QMS Internal Auditing 18
L How can you capture many positions held without creating a lengthy resume Career and Occupation Discussions 4
Miner Intro to MSA of Continuous Data - Part 10: Creating gauge families Imported Legacy Blogs 10
E Manufacturing Planning - Creating Improvements Misc. Quality Assurance and Business Systems Related Topics 7
R Creating Quality System and using it before it is complete ISO 13485:2016 - Medical Device Quality Management Systems 8
C Creating a Micro QMS - 4 geographical sites and 3 types of core activities ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
S Sources for Tips, Quotes with Graphics to be used for Creating Awareness? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1

Similar threads

Top Bottom