Policies – Information Security Policy for Suppliers and Third Parties

1. Objective

Ensure that any relationship with suppliers and, in particular, with those who have access to information from IT ERA, is duly protected based on the corresponding agreements and contracts, regardless of the service provided or relationship that joins you with IT ERA (in a contractual or other non-employment manner).

2. Scope

This document applies to all providers and third parties that provide service to IT ERA in order to preserve the confidentiality, integrity and availability of information security.

3. Information Security Policy for Suppliers and Third Parties

Confidential Information:

All information, documentation, organizational systems and/or applications, business strategies and activities related to IT ERA to which the provider or third parties have access will be considered confidential information.

Information Sharing:

Any information assets made by the provider/third parties and IT ERA will be generated within the framework of the corresponding service provision contract and the Non-Disclosure Agreement (NDA), understood as “CONFIDENTIALITY AGREEMENT”, as well as the applicable security guidelines.

IT ERA has the document named “SUPPLIER CONTRACT”, either for moral and/or physical personnel, in which reference to confidential information in clause SEVENTH (CONFIDENTIAL INFORMATION).

Appropriate use of IT ERA resources:

Service providers and third parties undertake at all times to use IT ERA corporate resources to which they have access, in accordance with the policies such as: Information Security Policy for Suppliers and Third Parties, Information Security Policy and Anti-bribery Policy, These policies can be found on the page “https://iteraprocess.com /”.

User Responsibilities:

Suppliers and third parties must ensure at all times that personnel using confidential information of IT ERA for the development of its functions and/or roles, be duly safeguarded and protected.

4. Anti-Bribery Policy

When working with business partners/businesses, vendors, third parties or any outsiders involved with IT ERA, you must comply with Anti-Bribery Policy or “Anti-Bribery Notice”.

IT ERA features