Baseline Requirements for all Suppliers
Supplier Name: Support Location:
Address: Contact Number:
Respondent Name & Role:
What is your organizations main business function:
What function(s) does your organization perform for Intel Corporation:
What is your organizations maturity level in provision of this function:
Is an industry standard ...accreditation issued by ISO27001, PCI DSS, or independent audit, SSAE-16 or
ISAE-3402 audit report or equivalent available?
Signature of responsible party:
By placing my name in the box above I am
acknowledging that I am authorized to agree on
behalf of the Supplier named, and do agree to
meet the requirements outlined. Any items that
are out of scope or that the Supplier cannot meet
are identified below.
Areas that are out of scope or that are not met:
Yes / No
Intel's data protection strategy is to perform a due diligence assessment of data protection controls
regardless of location. Your assistance to achieve this goal is greatly appreciated. All Suppliers are
expected to meet the minimum controls identified in this document. In some cases Intel requires a
written response to this document.
If Intel requests a written response from your organization you are required to submit an electronic
copy of this document confirming compliance. In responding please provide in the space provided
above. If there are any requirements that are out of scope or that cannot be complied with, including
changes requested by the Intel Business unit you support, they must be explained in the space provided
below the signature box.
Once you have reviewed the completed document please send a copy to the Intel Business Contact
working with you who will work with Intel Information Risk and Security to complete the assessment
process. Please note that if you are handling data that is considered Restricted Secret or above
additional reviews will be required as a part of the Supplier review.
1. Security Policy
The Supplier must have an Information Security policy in place which meets applicable
industry standards and which is subject to review by Intel under a Non-Disclosure
Agreement (NDA). This policy must comply with the laws, regulations, operational
procedures and systems security configurations implemented. This policy must be
reviewed on a regular basis by the Supplier.
The policy must provide governance for all platforms deployed including mobile
computing and Small Form Factor (SFF) devices that require access to Intel data or Intel
Organizing Information Security
Information Security Roles and responsibilities must be clearly defined and
Non-disclosure agreements must be signed by Suppliers prior to being granted access to
All interactions with Intel or involving Intel information must be secured and approved
All subcontracted activities involving Intel information must be approved and secured by
Intel will generally inform the Supplier of the classification of Intel data provided to
Supplier. In the event Supplier is not certain of the
Read the full Supplier Security Requirements and Expectations.