
Supplier requirements

Dear Supplier,

Iberlayer is a privately owned Spanish company, founded in 2012 and specialised in providing Cloud Security services.

From a firm conviction in differentiation through specialisation and added value, the management of Iberlayer approaches the Information Security System as the way to organise its business life, based on basic pillars such as the quality of its products, its processes, the continuous improvement of the effectiveness of the Information Security Management System and customer satisfaction.

For this reason, Iberlayer declares the Security Management System as a strategic and priority objective, staying at the forefront of monitoring trends in quality and information security, while at the same time promoting quality in our processes.

As an important and necessary part of our supply chain, we are sending you the following document for your consideration and study, with the ultimate aim of continuing in the line of quality that you have been following in recent years.

Iberlayer has implemented an Integrated Information Security Management System, which controls all aspects of Information Security concerning personnel and companies that provide services and/or products to our organization.

This system includes the communication of the Information Security Requirements Policy applicable to our suppliers and subcontractors, without whose collaboration the implementation of our Information Security principles in the marketing of our products and services could not be guaranteed.

For this reason, we want to convey to our suppliers the need for their behavior to be consistent with Iberlayer's line of action, and to inform them of the importance of complying with both the principles described in our Policy and the requirements established in this communication, so that their behavior shows the greatest respect for Safety at all times.

Suppliers of goods and services, including subcontractors, can be classified into the categories listed below:

  • Technology service providers. Those that offer us services such as web hosting, issuance of certificates, payment gateway services, cloud storage services, computer support services (both in-person and remote), etc.
  • Non-technological service providers that access corporate data, such as financial service providers, travel, transportation, advertising and marketing, etc.
  • Non-technological service providers who access facilities with corporate data: facility maintenance, electricity, alarms, surveillance systems, etc.
  • Suppliers of technological products. They include all those where we acquire the devices, hardware components and computer applications.
  • General suppliers (office supplies, cleaning, other services, etc.)

Taking into account the impact that the products and services supplied to us may have on Information Security, a series of general requirements and specific requirements are established depending on the type of supplier in question.

A. General requirements applicable to all suppliers
  • Know and comply with current legislation applicable to your activities, products and services, both of a general nature and in terms of Information Security and Data Protection.
  • Communicate to Iberlayer any information and/or documentation that may be requested regarding the security aspects of its products and/or services.
  • Only supply materials that meet applicable safety and quality standards.
  • Provide, if required, the corresponding certificates of quality and/or conformity of the products supplied.
B. Requirements applicable to suppliers related to or affected by information security
  • Comply at all times with the Quality Security and Information Security policy established by Iberlayer.
  • Observe the rules on the correct use of devices.
  • Comply with Iberlayer's policy regarding:
    • Confidentiality of information.
    • Acceptable/appropriate use of devices and resources.
    • Physical access control.
    • Protection against malware and security measures in data transmission with Iberlayer.
    • Authentication of communications, their origin, destination and purpose.
  • Compliance with the GDPR (RGPD) and the LSSI.
  • Compliance with intellectual property rights.
  • Other regulations applicable to the provider due to the nature of its services.
C. Requirements applicable to personnel providing services at Iberlayer facilities
  • Comply at all times with the Quality Security and Information Security policy established by Iberlayer.
  • Observe the rules on the correct use of devices.
  • Comply with Iberlayer's policy regarding:
    • Confidentiality of information.
    • Acceptable/appropriate use of devices and resources.
    • Physical access control.

Regarding quality, we inform you that, in order to guarantee the provision of a quality service while protecting the security of information and ensuring the satisfaction of our clients, we monitor the performance of our suppliers.

Accordingly, we inform you of the factors that we consider in this continuous monitoring of performance and its annual reevaluation, which is based on the following parameters:

  • Price quality.
  • Supply capacity.
  • References.
  • After-sales service.
  • Approved client supplier.
  • No Non-Conformities (A).
  • With Non-Conformities.
  • SLA compliance (if applicable).
  • Compliance with access policies (if applicable).
  • Compliance with the use of devices or resources.

In addition, the annual evaluation takes into account the monitoring of incidents (Non-Conformities) in terms of:

  • Quality of the product/service supplied.
  • Compliance with committed delivery dates and/or SLA.
  • Security of the information.

Based on existing incidents, as well as the agility and quality of the response received, criteria are established to classify our suppliers.

Iberlayer is at your disposal for any clarification regarding the information indicated in this statement.

Sincerely,

Pedro David Marco
CEO
