àËÅöÊÓƵ

àËÅöÊÓƵ suppliers play an important role in protecting àËÅöÊÓƵ’s data and information assets. When selecting and working with suppliers, it is important for all àËÅöÊÓƵ organizations to manage cybersecurity risks related to suppliers. This page outlines some important responsibilities for all àËÅöÊÓƵ organizations.

Include all Relevant Agreements and Appendixes: Supplier contracting plans must include the appropriate agreements and appendices to ensure security, compliance, and privacy of àËÅöÊÓƵ data. The Business Procedures Manual, Section 3.4.4 applies when a supplier will or will be able to access, collect, process, or maintain àËÅöÊÓƵ data or other critical information. It is also applies when a supplier will or will be able to access and/or provide mission-critical IT Resources. Additionally, the IT Handbook and the Supplier Management: A àËÅöÊÓƵ IT Handbook Companion Guide addresses the technical requirements affecting both the àËÅöÊÓƵ and the suppliers under consideration.

Ensure Suppliers Meet Requirements: Select a supplier that meets compliance requirements, including security and privacy. Before executing a supplier contract, make sure the supplier clearly understands àËÅöÊÓƵ’s cybersecurity requirements and provides an acceptable plan for protecting àËÅöÊÓƵ data and information assets. Select a supplier by considering a broad range of functional and performance capacities, including the ability to protect àËÅöÊÓƵ’s data and information assets and execute supplier responsibilities as defined within the àËÅöÊÓƵ Cybersecurity Standard. àËÅöÊÓƵ organizations must include cybersecurity planning in the entire supplier lifecycle. Consult your local cybersecurity professional or contact cybersecurity@usg.edu should you have questions.

Leverage Procurement Services: Procurement Services guides the supplier selection process by helping àËÅöÊÓƵ organizations follow the correct procurement and contracting process. For example, checklists have been provided to aid in the contracting process. Also provided are FAQs to address the most common questions. To learn more about àËÅöÊÓƵ contract language including data security and privacy terms and conditions, contract routing form example, and contract flow diagrams, please visit the (credentials required). If you have additional questions, please contact contracts@usg.edu.