Information Security Guidelines for Third Parties

Confidential Information: Third Party shall (i) use fully reasonable efforts to maintain the confidentiality of the information, extracts, statements, reports, records and materials, whether oral or visual, written or in any form whatsoever, of INTECH that may be reasonably understood, from legends, the nature of such information itself and/or the circumstances of such information’s disclosure, to be confidential and/or proprietary thereto or to third parties to which it owes a duty of nondisclosure (collectively, “Confidential Information”); (ii) take reasonable action in connection therewith, including without limitation at least the action that each takes to protect the confidentiality of its comparable proprietary assets; (iii) to the extent within its respective possession and/or control, upon the termination of this Agreement for any reason, immediately return to INTECH thereof all Confidential Information not licensed or authorized to be used or enjoyed after termination or expiration hereof, and (iv) with respect to any person to which disclosure is contemplated.

Integrity: This ensures that data isn’t modified in unauthorized ways. To guarantee integrity, third parties should be able to demonstrate that they have controls in place to protect information from unauthorized modification.

Availability –Information should only be available when needed and only to those who are authorized to access it. Third Parties should be able to validate how they prevent and handle downtime and interruptions.

GUIDELINES

  • Third parties must need to sign the INTECH Non-Disclosure Agreement where the exchange of confidential data is applicable.
  • Third parties must need to comply with all clauses mentioned in NDA (if applicable).
  • Third parties should ensure appropriate information security practices throughout the supply chain.
  • INTECH expects its third parties to take all necessary measures to protect confidential information and deploy all controls including but not limited to the deployment of endpoint security controls (e.g. antivirus, anti-malware, patch management), conducting regular risk assessment exercises, implementing email security controls (DKIM, SPF, ATP, DMARC), compliance of all regulatory and local laws, implementation of access rights, the right use of copyright material, avoidance the use of pirated and freeware software, data classification and labelling technique.
  • Third parties are expected to share the list of security controls which have been implanted in their organization on a regular or at least once a year basis.
  • Third parties must provide evidence about what measures they are taking to make sure the confidentiality, integrity, and availability of INTECH data in their possession. (If applicable).
  • Third parties must take necessary measures to protect INTECH PII. INTECH data must ONLY be used for the purpose mentioned in NDA.
  • In case of any incident, third party must need to comply with incident handling clauses mentioned in NDA.
  • INTECH may request a risk assessment audit report from third parties if required. INTECH may verify the evidence by taking remote or physical audits if deemed necessary.

Communication Channel

If anyone wants to contact the INTECH Information security team or to notify any incident, feel free to contact us at:

cybersec@intechww.com

Back To Top