Vendor Risk Assessment Policy for ShowsHappening

No access

For the time being vendors do not get access to ShowsHappening’s sensitive client data (our database). Vendors communicate with our system with our API.

Contractual Requirements All contracts with vendors must include appropriate security clauses to ensure that vendors comply with ShowsHappening's information security policies and procedures. These clauses will include requirements for security assessments, access controls, and incident response.

Ongoing Monitoring ShowsHappening will monitor vendors on an ongoing basis to ensure that they continue to comply with its information security policies and procedures. Monitoring may include periodic security assessments, compliance audits, and ongoing reviews of vendor performance.

1. Compliance ShowsHappening is committed to complying with all relevant regulations, laws, and standards. This policy will be reviewed and updated periodically to ensure that it complies with any changes in regulations or industry standards.
2. Policy Enforcement Failure to comply with this policy may result in termination of the vendor relationship or other appropriate action. Any suspected violations of this policy should be reported to the employee's manager or the Chief Information Officer (CIO).
3. Policy Review This policy will be reviewed annually to ensure that it is still relevant and effective. Any changes to this policy must be approved by the CIO or their delegate.