Policy, Program and Procedures

 View Only
  • 1.  How to categorize vendors

    This message was posted by a user wishing to remain anonymous
    Posted 02-07-2022 01:28 PM
    This message was posted by a user wishing to remain anonymous

    What are some different ways to identify ways to best categorize vendors who access internal proprietary data and/or confidential employee data (not member or customer data)

  • 2.  RE: How to categorize vendors

    Posted 02-17-2022 11:02 AM

    Hi there

    To keep this simple, you can begin by identifying any vendor with access to sensitive or confidential information. The first category is for your customer data, but from there, you could use these categories:

    Sensitive Company Information:
    Employee information retained by the company which is privileged, regulated, proprietary data, or highly-sensitive financial information.

    Confidential Company Information:

    Information is restricted to the individuals, management, or administrators; Unauthorized access could influence the company's operational/security effectiveness or cause material financial loss, provide a significant gain to a competitor, or cause a significant drop in customer confidence.

    This category includes all data/documents that are sensitive or confidential, including company emails, employee compensation, or benefits. Network architecture, hardware/ server configurations, or user Ids. Trade secrets, financial data, or other information could compromise the company, impact our earnings or reduce our competitiveness.

    I hope that is helpful, but I would love to hear from other members.