The purpose of this policy is to ensure the security and responsible management of Redgate's suppliers.
For the purposes of this policy, a Supplier is a company or individual providing software, hardware or services relating to information processing to Redgate.
This policy applies to all employees, contractors, and third-party users who engage with Suppliers on behalf of Redgate.
Suppliers fall into two categories (critical and non-critical), based on the risk profile of the services they provide. This is determined by the type of data and/or volume of confidential or sensitive information, availability and/or integrity requirements. In all cases:
Critical Suppliers shall undergo a full review prior to selection. Review areas include (where applicable):
Redgate shall maintain an up-to-date register of all Suppliers and the products and services they supply to us.
Redgate shall maintain a list of embargoed countries/customers/suppliers.
Redgate shall maintain detailed records of all Supplier agreements, contracts, and other documentation associated with the Supplier relationship. Suppliers shall be reviewed upon renewal or when Redgate are made aware of material changes to services. Business Critical Suppliers will be reviewed at either contract renewal or earlier (at our discretion).
Suppliers shall be required to:
Redgate shall ensure that contractual agreements are put in place when personal information is shared between organisations.
Suppliers who may process credit card data falling under the scope of PCI-DSS requirements shall be required to maintain PCI-DSS compliance.
Redgate shall maintain a record of which PCI-DSS requirements are managed by each service provider.
Redgate shall verify compliance of such Suppliers annually.
In the event of a security incident involving a Supplier:
A process shall be maintained for terminating supplier relationships in an orderly and secure manner. As part of this process:
A final review of the supplier relationship shall be conducted to ensure that all security and quality requirements have been met.