Comprehensive Management System Policy for Suppliers and Third Parties

In accordance with the provisions of the internal and process guidelines for the commercial relationship with the business partners or suppliers of IT ERA S.A. DE C.V., the following is made available for information: At It Era, we are committed to information security, the quality of our products and services, environmental protection, transparency, integrity, ethics, excellence and compliance with the law in all our operations and in the management of our supply chain. We recognize that our suppliers play a critical role in achieving these goals. Therefore, this policy sets out the minimum expectations and requirements that must be followed by all suppliers working with our organization.

As a provider, you agree to:

Information Security.

  • PROTECT IT ERA’S CONFIDENTIAL INFORMATION AND RESOURCES AND THOSE OF OUR CUSTOMERS: All information, documentation, systems and applications, and organizational and business strategies and activities related to It Era to which you have access are considered confidential information, are classified and are stored on the computers. Maintain the confidentiality, integrity and availability of information; do not disclose it to unauthorized persons; safeguard and protect it. Implement malware monitoring solutions. Manage data backups and configuration information. Any information asset that you produce at It Era is generated within the framework of the “SUPPLIER CONTRACT”, whether as a legal entity or a natural person, for the corresponding service provision, and of the NDA (CONFIDENTIALITY AGREEMENT), as well as the applicable security guidelines of clause SEVEN - CONFIDENTIAL INFORMATION.
  • IMPLEMENT SECURITY CONTROLS: Have adequate controls in place to protect the data you have access to.
  • HAVE A SECURITY CONTACT: Include a contact person to manage information security issues.

Secure Development and Maintenance of Systems/Software performed by a third party.

  • ENSURE THAT THE INTELLECTUAL PROPERTY AND CODE BELONG TO IT ERA: This is established in the contract.
  • ENSURE COMPLIANCE WITH ESTABLISHED SAFETY AND QUALITY REQUIREMENTS: The quality of the final product is verified by the owner of the system or application who signs the Certificate of Conformity or similar.
  • INTEGRATE SECURITY BY DESIGN AND CODE: Consider security from the beginning of the software development process and maintain version control. Use secure coding practices and avoid known vulnerabilities such as SQL injections and buffer overflows.
  • IDENTIFY AND ASSESS SECURITY RISKS: Commit to doing so at all stages of development and to applying appropriate controls to mitigate them.
  • PERFORM THOROUGH SECURITY TESTING: Include penetration and vulnerability testing prior to product launch.
  • PROVIDE REGULAR UPDATES AND SECURITY PATCHES: Address new vulnerabilities and threats.

Quality and Environment.

  • MEET OUR QUALITY STANDARDS: Commitment to compliance with established internal and specific customer requirements. Notify before making changes that affect the way the service is provided, including the technical infrastructure (hardware and software).
  • PROVIDE SAFE, RELIABLE, AND DEFECT-FREE PRODUCTS AND SERVICES: Through the detection of incidents and the provision of the measures necessary to alleviate their consequences and avoid their recurrence, committed to establishing actions and programmes aimed at prevention.
  • ENSURE COMPLIANCE WITH DEADLINES: Consider the execution of the agreed deadlines of the works, creating internal and customer relationships based on trust, transparency and mutual respect.
  • RESPECT PROFESSIONAL ETHICS: Work at all times within the strictest professional ethics, safeguarding the information coming from clients and staff.
  • MINIMIZE YOUR ENVIRONMENTAL IMPACT: Have sustainable production practices and operations.
  • REDUCE THE USE OF NATURAL RESOURCES AND THE GENERATION OF WASTE as much as possible, and thus prevent pollution.

Anti-bribery

  • PREVENT BRIBERY: Undertake not to engage in any form of bribery in connection with the relevant transaction, project, activity or relationship (including payments, gifts, favours or any other improper advantage, whether directly or indirectly). Bribery in any form is unacceptable and compromises our core values.
  • PROHIBIT INAPPROPRIATE GIFTS AND HOSPITALITY: Refrain from offering, giving, or receiving gifts and hospitality that may unduly influence a business decision or create the appearance of a conflict of interest. Gifts and hospitality must be of reasonable value and permitted by relevant policies and regulations (It Era footer).
  • COMPLY WITH THE SUPPLIER REGISTRATION DOCUMENTATION AND CONDITIONS OF THE INVOICE RECEIPT CALENDAR: Provide the documentation requested to establish the relationship and corroborate its authenticity and legal existence before the Public Property Registry.

General

  • ENSURE THAT YOUR STAFF READ AND KNOW OUR POLICY: Commit to verifying and respecting our internal integrated management system policy, published in the footer of It Era, based on the tasks and actions to be carried out in fulfilling any service. We encourage open communication and collaboration, and we are open to suggestions and comments that contribute to improving our practices and meeting our objectives.
  • COMPLY WITH ALL LAWS AND REGULATIONS: Commitment to compliance with applicable regulations and legislation related to information security, environmental requirements, bribery and corruption in the jurisdictions in which they operate.
  • PARTICIPATE IN CONTINUOUS IMPROVEMENT AND INNOVATION ACTIVITIES: Have activities to increase the quality of products and services supplied and take care of environmental practices, including the adoption of cleaner and more sustainable technologies.
  • PROVIDE EVIDENCE OF COMPLIANCE AND DUE DILIGENCE INFORMATION: Provide evidence of compliance with the requirements related to the contract and this policy when requested by It Era whether for auditing, training, supervision or monitoring of activities. Cooperate fully with due diligence procedures and provide all requested information and documentation.
  • IMMEDIATELY REPORT TO IT ERA ANY INCIDENT, COMPLAINT OR ATTEMPTED BRIBERY: Report any security incident or data breach that may occur to the person responsible for Information Security or Technical Support via email, in order to preserve and protect information assets at all times. Report any attempt, concern, complaint or alert in relation to a situation of corruption or bribery, or about the correction of any conduct that you may witness, either within our company or in any other entity, to Human Talent or through our secure and confidential reporting channel on the It Era website. All complaints will be properly investigated, risks examined and appropriate action plans generated. Confidentiality will be maintained as far as possible, without any form of retaliation or discrimination.
  • COOPERATE IN ANY INVESTIGATION: Cooperate fully with IT ERA in any investigations related to information security, environmental requirements, bribery, and corruption.

Consequences of not complying with the established policy.

  • We reserve the right to conduct audits, periodic assessments or due diligence on our suppliers to verify their compliance with this policy and its standards, and to assess their risk of involvement in bribery and corruption activities or the nature and scale of any relevant transaction, project, activity or relationship. Where It Era identifies more than a low bribery risk, it determines whether the supplier has anti-bribery controls in place; where the supplier does not have them, or it is not possible to verify whether it does, we request, where possible, that they be implemented. It Era is not required to verify full compliance with these requirements by the uncontrolled provider; however, it verifies that the provider has relevant policies in place.
  • Failure to comply with this policy may result in corrective action or, in serious cases such as bribery by, on behalf of, or for the benefit of the supplier, or if the risks involved are unacceptably high and cannot be reduced by other means, in the termination as soon as possible of the transaction, project, business activity or relationship with your organization, as well as in legal action as appropriate.

Validity

  • This policy is effective immediately and compliance with it is mandatory for all parties involved.
  • We are committed to continuously reviewing and improving this policy to verify its adequacy with the actual way IT Era acts and to stay aligned with changes in legislation, best practices and the highest standards in services, safety, quality, environment and anti-bribery. Our suppliers are expected to review and accept any updates to this policy.
  • We appreciate your partnership in realizing, maintaining, and promoting these shared goals and values. Any questions or concerns about this policy should be directed to our company’s legal area.