Monitoring compliance of suppliers and subprocessors
The following article briefly explains how Springest monitors compliance with key suppliers and subprocessors.
Springest works with a number of partners in order to provide its services as a learning platform. How we select, adopt and monitor these partners is formalised in our Supplier policy. The monitoring of suppliers is extra important when it concerns partners that process personal data. These are monitored throughout the year. This is how we:
- ensure compliance with our Data Processing Agreements;
- maintain a close and stable relation;
- stay well informed concerning updates and changes that could impact security.
The monitoring of subprocessors
The monitoring is done by two different roles. One carries out an annual review of all our suppliers. During the review we ask ourselves three questions:
- Are we happy with the supplier service?
- Were there any changes regarding the agreements and terms?
- Have there been issues with security and subprocessing?
The other review is done four times per year and is more in depth. The review can consist of:
- Gathering specific information directly from one of the partners;
- Reviewing recent publications from the partners;
- Requesting data removal from the partners;
- Requesting access to the data processing register and security incident register;
- Reviewing and updating account settings;
- Reviewing the listed subprocessors of the partners;
- Physically auditing the partners and the dataprocessing facilities (in exceptional circumstances).
Results of both reviews are recorded and if needed, shared with the Security departement. Any concerns and issues are reported and followed-up on.