Sample third Party Management Policy Released

1. Third Party Management Policy v1.0 Classification: Internal Sample Third Party Management Policy DOCUMENT ID : NN-NNN-NN 1

2. Third Party Management Policy v1.0 Classification: Internal Version Control Version Date Prepared By Reviewed By Approved By dd-mm-yy 1.0 Change History Version Description of Change 1.0 First release Distribution List 1.Write the target audience who should receive a copy of this document. 2. 3. This document is created by the Azpirantz Marketing Team. For expert consulting aligned with your business needs, please reach out to sales@azpirantz.com. DOCUMENT ID : NN-NNN-NN 2

3. Third Party Management Policy v1.0 Classification: Internal Purpose This policy aims to define the rules necessary to ensure the protection of the organization's assets that are accessible to third parties. Scope This policy governs all third-party entities who have been authorized to access ABC Corp.'s information assets and information processing facilities. Responsibility All employees, third parties, suppliers, and contractors are responsible for adhering to this policy. Department Heads shall be responsible for, and authorized to carry out, the enforcement of this policy within their designated areas. Policy Statements 1.The organization shall ensure that all third parties enter into an appropriate agreement defining their role and responsibilities with respect to organizational goals and objectives. 2.All third parties shall be required to enter into a confidentiality agreement outlining their responsibility and accountability for the confidentiality of ABC Corp.'s business information they may encounter during the course of fulfilling their assigned duties. 3.Service agreements and confidentiality agreements shall be executed in accordance with applicable laws, regulations, and ethical principles. 4.Service agreements and confidentiality agreements must be signed by a duly authorized representative of the third-party organization. 5.No physical or logical access to ABC Corp.'s business information, information processing facilities, work premises, etc., shall be granted to any personnel of a third-party organization prior to the execution of the service agreement and confidentiality agreement. 6.The information security responsibilities of all third parties towards ABC Corp. shall be clearly defined and communicated to them. 7.Information security risks associated with third-party engagements shall be identified, assessed, and treated based on the nature of the engagement before its commencement. DOCUMENT ID : NN-NNN-NN 3

4. Third Party Management Policy v1.0 Classification: Internal 8.ABC Corp. personnel interacting with third-party personnel must be cognizant of the appropriate rules of engagement and expected behavior based on the type of third party and their level of access to ABC Corp.'s systems and information assets. 9.Third-party agreements shall include the right for ABC Corp. to monitor and audit the third party's processes, services, and infrastructure providing service delivery to ABC Corp., proportionate to the risk posed to ABC Corp.'s business information and information processing facilities by the third-party services. 10.ABC Corp. shall conduct regular monitoring, reviews, and audits of third-party service delivery. 11.All third parties shall be made aware of ABC Corp.'s information security policy and objectives relevant to their specific engagement and service delivery. Note: This document serves as a sample template. Organizations are required to develop a comprehensive policy that incorporates specific legal, regulatory, contractual, and business requirements. DOCUMENT ID : NN-NNN-NN 4