Supply-Chain & Third-Party Risk
We carefully manage risks associated with our vendors and partners to ensure your data remains protected across our entire supply chain.
Managing Third-Party Security
In today's interconnected world, security doesn't end at our boundaries. We extend our security requirements to all vendors and partners who may handle your data, ensuring consistent protection throughout our ecosystem.
Vendor Evaluation & Monitoring
We evaluate and monitor all third-party service providers, cloud-hosting partners, software vendors and data-processors for their security practices and contractual commitments.
Data Processing Agreements
Where third parties handle patient-identifiable information or clinical data, we ensure they operate under defined Data-Processing Agreements (DPAs) and meet our security standards.
Risk Register & Mitigation
We maintain a risk register for third-party dependencies and prioritise mitigation of any supply-chain or vendor vulnerabilities.
Our Third-Party Management Process
- Security assessment before onboarding any new vendor
- Contractual security requirements and DPAs
- Regular reviews of vendor security posture
- Incident notification requirements in vendor contracts
- Exit procedures for secure data return or deletion