This Vendor Relationship Policy is an integral part of the Information Security Policy and is therefore considered
mandatory and knowledgeable for all Sophos Solutions related vendors and third parties:
Vendors shall know and abide by the procedures referred to in this chapter, relating to data linking, unlinking,
business continuity, and processing.
Secure information erasure processes, and incident reporting, must be defined according to the specific
services provided by the vendor, however, Sophos Solutions will establish generic procedures in case they
cannot or must be defined at the time of the engagement.
Sophos Solutions establishes a general procedure for linking and unlinking Vendors. However, the above can
be particularities for each process according to the specific need. Such particularities will be exposed to the
vendors at the time of linking or unlinking.
Once the need for vendor service delivery is complete, the requesting area must inform the purchasing area of the intention to unlink the vendor, whatever the cause.
In the event that the vendor’s service has been performed instantaneously, a letter will be sent informing the service’s compliance with the agreement of the requesting area and the contractual relationship will end.
If, on the contrary, the service has been performed successively, and has had a contract with special obligations by means, the area of purchase will give notice to the legal area to verify that the special contractual obligations have been fulfilled and it is possible to terminate the contract in accordance with the specific terms of the contract, and the requesting area will be notified to give its consent on the fulfillment of the contractual object.
Once the previous stage has been completed, the legal area shall draw up a notice of termination of the contract and request the signing of a record indicating the termination, performance of the contractual obligations.
The purchasing area will perform, in conjunction with the requesting areas and areas involved in the provision of the service, according to specific needs, a checklist of final obligations such as: secure deletion of information, delivery or destruction of confidential information, among others.
Finally the purchasing area will request the removal of the vendor in the accounting outsourcing.
This Privacy Notice (hereinafter “Notice”) sets forth the terms and conditions under which Sophos Solutions will process your personal data.
Sophos Solutions’ treatment with personal information will be as follows: The collection, storage, use, circulation, request for satisfaction surveys, among others related to the operation of The Company, to carry out the relevant steps for the development of the company’s social object in relation to the fulfillment of the object of the contract concluded with the Owner of the information, among others related.
The Owner can access our Information Treating Policy, which is published on the Company’s official website Home – Sophos Solutions /Corporate Information/ Data Processing Policy.
Sophos Solutions reserves the right to request the Vendor to carry out scheduled visits both face to face and virtual (subject to agreement between the parties), and in accordance with the provisions of the contracts, specifically those which, by their service of guarding or processing information, are considered critical to the company. This is in order to verify the security conditions implemented by the vendor and to provide guarantees regarding third-party risks, including the warranty on internal controls of external service providers
Sophos Solutions will establish the appropriate guidelines for the dissemination and delivery of these guidelines to each vendor with whom it has a contractual relationship in order to comply with and implement the requirements of the company.
“Sophos Solutions S.A.S. reserves the right to modify this document according to changes within the company”