Supplier Security Requirements and Expectations

Baseline Requirements for all Suppliers
Rev. 5.0

Supplier Name:
Support Location:
Address:
Contact Number:
Respondent Name & Role:

Supplier Profile:
What is your organization's main business function:
What function(s) does your organization perform for Intel Corporation:
What is your organization's maturity level in provision of this function:
Is an industry standard ...accreditation issued by ISO27001, PCI DSS, or independent audit, SSAE-16 or ISAE-3402 audit report or equivalent available? Yes / No

Signature of responsible party:
Name:
Role:
Date:

By placing my name in the box above I am acknowledging that I am authorized to agree on behalf of the Supplier named, and do agree to meet the requirements outlined. Any items that are out of scope or that the Supplier cannot meet are identified below.

Areas that are out of scope or that are not met:

Supplier Instructions:

Intel's data protection strategy is to perform a due diligence assessment of data protection controls regardless of location. Your assistance to achieve this goal is greatly appreciated. All Suppliers are expected to meet the minimum controls identified in this document.

In some cases Intel requires a written response to this document. If Intel requests a written response from your organization, you are required to submit an electronic copy of this document confirming compliance. In responding please provide in the space provided above. If there are any requirements that are out of scope or that cannot be complied with, including changes requested by the Intel Business unit you support, they must be explained in the space provided below the signature box.

Once you have reviewed the completed document, please send a copy to the Intel Business Contact working with you, who will work with Intel Information Risk and Security to complete the assessment process.
Please note that if you are handling data that is considered Restricted Secret or above, additional reviews will be required as a part of the Supplier review.

1. Security Policy
   a. The Supplier must have an Information Security policy in place which meets applicable industry standards and which is subject to review by Intel under a Non-Disclosure Agreement (NDA). This policy must comply with the laws, regulations, operational procedures and systems security configurations implemented. This policy must be reviewed on a regular basis by the Supplier.
   b. The policy must provide governance for all platforms deployed including mobile computing and Small Form Factor (SFF) devices that require access to Intel data or Intel operated systems.

2. Organizing Information Security
   a. Information Security roles and responsibilities must be clearly defined and implemented.
   b. Non-disclosure agreements must be signed by Suppliers prior to being granted access to Intel information.
   c. All interactions with Intel or involving Intel information must be secured and approved by Intel.
   d. All subcontracted activities involving Intel information must be approved and secured by the Supplier.

3. Asset Management
   a. Intel will generally inform the Supplier of the classification of Intel data provided to Supplier. In the event Supplier is not certain of the