This message was posted by a user wishing to remain anonymous
We treat policies and NDAs separately. For policies, it depends in part on how we have risk rated the vendor. With a high risk vendor we'll ask annually whether they've updated their policies and, if so, request a copy.
For NDAs, it depends upon the particulars of the NDA itself. For instance, some NDAs specify time periods during which they are active. Once that period passes then we'd need a new NDA. We may also ask for an updated NDA if (1) the vendor's legal form changes (through an acquisition or name change) or (2) if the services or goods the vendor provides changes and the NDA references the original goods or services only.
Original Message:
Sent: 08-31-2022 02:58 PM
From: Anonymous Member
Subject: Documentation
This message was posted by a user wishing to remain anonymous
How often do you request an updated Privacy Policy, Non Disclosure Confidentiality Agreement and an Information Security Program Policy? Thanks