Comprehensive Management System Policy for Suppliers and Third Parties

In accordance with the provisions of the internal and process guidelines for the commercial relationship with our business partners or suppliers of It Era S.A. DE C.V., the following is made available for information:

At Itera, we are committed to information security, the quality of our products and services, the protection of the environment, transparency, integrity, ethics, excellence and compliance with the law in all our operations and in the management of our supply chain. We recognize that our suppliers play a critical role in achieving these goals. Therefore, this policy sets out the minimum expectations and requirements that must be followed by all suppliers working with our organization.

As a provider, you agree and commit to:

Information Security.

  • PROTECT ITERA’S AND OUR CUSTOMERS’ CONFIDENTIAL INFORMATION AND RESOURCES: All information, documentation, organizational systems and applications, business strategies, and activities related to Itera to which you have access is considered confidential information, is classified, and is stored on computers. Maintain the confidentiality, integrity and availability of information; do not disclose it to unauthorized persons; safeguard and protect it. Implement malware monitoring solutions; manage data backups and configuration information. Any information asset that you produce at Itera is generated within the framework of the “SUPPLIER CONTRACT”, whether for legal entities or natural persons, for the corresponding service provision, and the NDA (CONFIDENTIALITY AGREEMENT), as well as the applicable security guidelines of clause SEVENTH - CONFIDENTIAL INFORMATION.
  • IMPLEMENT SECURITY CONTROLS: Have adequate controls in place to protect the data you have access to.
  • HAVE A SECURITY CONTACT: Include a contact person to manage information security issues.

Secure Development and Maintenance of Systems/Software performed by a third party.

  • ENSURE THAT THE INTELLECTUAL PROPERTY AND CODE BELONG TO IT ERA: This is established in the contract.
  • ENSURE COMPLIANCE WITH ESTABLISHED SAFETY AND QUALITY REQUIREMENTS: The quality of the final product is verified by the owner of the system or application who signs the Certificate of Conformity or similar.
  • INTEGRATE SECURITY BY DESIGN AND CODE: Consider security from the beginning of the software development process and maintain version control. Use secure coding practices and avoid known vulnerabilities such as SQL injections and buffer overflows.
  • IDENTIFY AND ASSESS SECURITY RISKS: Commit to doing so at all stages of development and to applying appropriate controls to mitigate them.
  • PERFORM THOROUGH SECURITY TESTING: Include penetration and vulnerability testing prior to product launch.
  • PROVIDE REGULAR UPDATES AND SECURITY PATCHES: Address new vulnerabilities and threats.

Quality

  • MEET OUR QUALITY STANDARDS: Commitment to compliance with established internal and specific customer requirements. Notify before making changes that affect the way the service is provided, including the technical infrastructure (hardware and software).
  • TO PROVIDE SAFE, RELIABLE, AND DEFECT-FREE PRODUCTS AND SERVICES: Through the detection of incidents and the provision of necessary measures to alleviate their consequences and avoid their recurrence, committed to the establishment of actions and programmes aimed at prevention.
  • ENSURE COMPLIANCE WITH DEADLINES: Consider the execution of the agreed deadlines of the works, creating internal and customer relationships based on trust, transparency and mutual respect.
  • RESPECT PROFESSIONAL ETHICS: Work at all times within the strictest professional ethics, safeguarding the information coming from clients and staff.

Environment

  • COMPLY WITH CURRENT ENVIRONMENTAL LEGISLATION: Adopt practices that prevent pollution, reduce energy consumption, and minimize emissions and environmental impacts.
  • MINIMIZE YOUR ENVIRONMENTAL IMPACT: Implementing sustainable practices in production and operations that reduce negative effects on the environment, the use of natural resources and the generation of waste.
  • IDENTIFY AND CONTROL ENVIRONMENTAL RISKS: Associated with their activities, applying a preventive approach.
  • IMPLEMENT ENERGY EFFICIENCY, WATER MANAGEMENT AND BIODIVERSITY CONSERVATION PROGRAMMES: Seeking the responsible use of resources.
  • PROPERLY MANAGE TECHNOLOGICAL RESOURCES: Promoting the reuse of equipment, the correct disposal of electronic waste and the preference for sustainable and low-consumption solutions.
  • PROMOTING THE CIRCULAR ECONOMY AND SUSTAINABLE INNOVATION: Prioritising recycling, the recovery of materials and the use of technologies that contribute to reducing the environmental footprint.

Artificial Intelligence (This provision shall apply in the event of the use of Artificial Intelligence (AI) by the provider.)

  • MAINTAIN TRANSPARENCY: If applicable, the provider must inform Itera in advance about the use of any AI assistant, model, algorithm or system, and ensure that it only uses tools and services authorized by Itera.
  • ENSURE ETHICAL AND RELIABLE USE OF AI: The use of AI must be carried out in an ethical, verifiable manner and in accordance with the quality and compliance standards defined by Itera.
  • ENSURE DATA CONFIDENTIALITY AND SECURITY: No information or data from Itera shall be processed, shared, or stored on AI platforms or systems without express authorization. The provider shall ensure the protection, confidentiality and secure handling of all information in accordance with applicable policies and regulations.
  • ASSIGN AI MANAGER: Designate a contact to monitor and ensure compliance in the use of AI.

Anti-bribery

  • PREVENT BRIBERY: Commitment not to engage in any form of bribery in connection with the transaction, project, activity or relationship (including payments, gifts, favors, or any other improper advantage, whether directly or indirectly). Bribery in any form is unacceptable and compromises our core values.
  • PROHIBIT INAPPROPRIATE GIFTS AND HOSPITALITY: Refrain from offering, giving, or receiving gifts and hospitality that may unduly influence a business decision or create the appearance of a conflict of interest. Gifts and hospitality must be of reasonable value and permitted by relevant policies and regulations (It Era footer).
  • COMPLY WITH THE SUPPLIER REGISTRATION DOCUMENTATION AND CONDITIONS OF THE INVOICE RECEIPT CALENDAR: Provide the documentation requested to establish the relationship and corroborate its authenticity and legal existence before the Public Property Registry.

General

  • ENSURE THAT YOUR STAFF READ AND KNOW OUR POLICY: Commitment to verify and respect our internal integrated management system policy published in the footer of It Era, based on the tasks and actions to be carried out in the fulfillment of any service. We encourage open communication and collaboration, and we are open to suggestions and comments that contribute to improving our practices and meeting our objectives.
  • COMPLY WITH ALL LAWS AND REGULATIONS: Commitment to compliance with applicable regulations and legislation related to information security, environmental requirements, bribery and corruption in the jurisdictions in which they operate.
  • PARTICIPATE IN CONTINUOUS IMPROVEMENT AND INNOVATION ACTIVITIES: Have activities to increase the quality of products and services supplied and take care of environmental practices, including the adoption of cleaner and more sustainable technologies.
  • PROVIDE EVIDENCE OF COMPLIANCE AND DUE DILIGENCE INFORMATION: Provide evidence of compliance with the requirements related to the contract and this policy when requested by It Era whether for auditing, training, supervision or monitoring of activities. Cooperate fully with due diligence procedures and provide all requested information and documentation.
  • IMMEDIATELY REPORT ANY INCIDENTS, COMPLAINTS, ATTEMPTED BRIBES, OR MISUSE OF AI TO ITERA: Report any security incident or data breach that may occur to the person responsible for Information Security or Technical Support via email, in order to preserve and protect information assets at all times.
  • Report any improper use or issues related to the processing of data or the life cycle of Artificial Intelligence systems to Human Talent.
  • Report any attempt, concern, complaint or alert in relation to a situation of corruption or bribery, or about the correction of any conduct that you may witness, whether within our company or in any other entity, to Human Talent or through our secure and confidential whistleblowing channel on the It Era website. All complaints will be properly investigated, risks examined and appropriate action plans generated. Confidentiality will be maintained as far as possible, without taking any form of retaliation or discrimination.
  • COOPERATE IN ANY INVESTIGATION: Cooperate fully with IT ERA in any investigations related to information security, environmental requirements, bribery, and corruption.

Consequences of not complying with the established policy.

  • We reserve the right to conduct audits, periodic assessments or due diligence on our suppliers to verify their compliance with this policy and its standards, and to assess their risk of involvement in bribery and corruption activities or the nature and scale of any relevant transaction, project, activity or relationship. Where It Era identifies more than a low bribery risk, it determines whether the supplier has anti-bribery controls in place; where the supplier does not have them, or it is not possible to verify whether it does, we request, where possible, that they be implemented. Itera is not required to verify full compliance with these requirements by the uncontrolled provider; however, it verifies that the provider has relevant policies in place.
  • Failure to comply with this policy may result in corrective action or, in serious cases such as bribery by, on behalf of, or for the benefit of the supplier, or if the risks involved are unacceptably high and cannot be reduced by other means, in the termination of the transaction, project, business activity or relationship with your organization as soon as possible, as well as in legal action as appropriate.

Validity

  • This policy is effective immediately and compliance with it is mandatory for all parties involved.
  • We are committed to continuously reviewing and improving this policy to verify its adequacy with the real way of doing business of Itera and to remain aligned with changes in legislation, best practices and the highest standards in services, safety, quality, environment and anti-bribery. Our suppliers are expected to review and accept any updates to this policy.
  • We appreciate your partnership in realizing, maintaining, and promoting these shared goals and values. Any questions or concerns about this policy should be directed to our company’s legal area.