Compliance Check Policy (Suppliers)
This policy explains the procedures and internal processes for the preventive controls ("Compliance Check") and periodic audits ("Compliance Audit") concerning Agile's suppliers ("Suppliers").
The following section outlines the flows and responsibilities of each relevant business function in its dealings with Suppliers and the Compliance Check procedure. Section 2 describes the execution criteria and frequency of Internal Audit activities related to ongoing relationships.
Involved Parties and Responsibilities:
Internal Compliance:
- Monitor the collection of documentation related to supplier compliance.
Internal Technical Compliance:
- Manage the back-office activities related to GDPR compliance with Suppliers.
- Handle communications and inquiries from Suppliers.
GDPR & Cybersecurity Legal Account:
- Assist the company in contract negotiations with Suppliers.
- Support Internal Compliance in submitting Data Processing Agreements (DPA).
- Assist Internal Technical Compliance in sending periodic questionnaires to Suppliers.
Audit documents and checklists are available on the Compliance SharePoint.
Compliance Check
Without limiting any additional verification activities that may be necessary to properly evaluate the relevant profiles regarding GDPR compliance and other privacy requirements imposed on individual Suppliers, the following is an illustrative guide to the main Compliance Audit checks.
The Audit aims to periodically verify: (i) the implementation of security measures to ensure data integrity, availability, and recovery as guaranteed by the Supplier, and (ii) compliance with contractual parameters imposed on the Supplier.
Compliance Audits are conducted annually for all suppliers. This activity is managed by the Internal Technical Compliance team with the assistance of the GDPR & Cybersecurity Legal Account.
The Compliance Audit should be sent to Suppliers via PEC (Certified Electronic Mail) or email.
Documents, receipts, and PECs will be stored by the Internal Technical Compliance team in the relevant folder within the SharePoint Compliance area.