SOC2 Vendor Management Policy

Purpose and Scope

• This policy defines the rules for relationships with the organization’s Information Technology (IT) vendors and partners.
• This policy applies to all IT vendors and partners who have the ability to impact the confidentiality, integrity, and availability of the organization’s technology and sensitive information, or who are within the scope of the organization’s information security program.
• This policy applies to all employees and contractors that are responsible for the management and oversight of IT vendors and partners of the organization.