GV.SC-10.119

Does your organization have documented procedures for managing data leakage risks when terminating supplier relationships?

Explanation

When supplier relationships end, there's a risk that sensitive data may be retained by the supplier or improperly handled during the transition. This question assesses whether your organization has formal processes to ensure data is either returned, securely destroyed, or properly transferred when a supplier relationship ends. These procedures should include data identification, access revocation, contractual obligations enforcement, and verification of data removal. Evidence could include a supplier offboarding policy document, termination clauses from supplier contracts addressing data handling, checklists used during supplier termination, or documentation of completed supplier termination processes showing data protection measures.

Implementation Example

Manage data leakage risks associated with supplier termination

ID: GV.SC-10.119

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub