Initial Assessment: Before engaging with a third party, a thorough risk assessment will be conducted to evaluate their security practices, policies, and potential impact on Speak Ai's security posture. This includes reviewing their compliance with relevant security standards and regulations.

Ongoing Assessment: Third parties will be subject to periodic security assessments to ensure ongoing compliance with Speak Ai's security requirements. The frequency and scope of these assessments will be based on the level of access and risk associated with the third party.

Contractual Agreements: All third parties must sign a contractual agreement that includes specific security requirements and obligations. These agreements will outline the third party's responsibilities for protecting Speak Ai's data and systems, including compliance with relevant security policies and standards.

Access Control: Third parties will be granted access to Speak Ai's systems and data based on the principle of least privilege. Access will be restricted to the minimum necessary to perform their duties and will be regularly reviewed and adjusted as needed.

Data Protection: Third parties must implement appropriate measures to protect the confidentiality, integrity, and availability of Speak Ai's data. This includes encrypting data at rest and in transit, as well as ensuring secure data handling and storage practices.

Activity Monitoring: Speak Ai will monitor third-party activities on its systems and networks to detect any unauthorized access or suspicious behaviour. Automated tools and manual reviews will be used to ensure compliance with security policies.

Regular Audits: Third parties will be subject to regular security audits to verify their adherence to Speak Ai's security requirements. Audit results will be reviewed, and any identified issues will be addressed promptly.

Incident Reporting: Third parties are required to report any security incidents or breaches involving Speak Ai's data or systems immediately upon discovery. Incident reports should include a description of the incident, affected systems, and any actions taken.

Response Coordination: Speak Ai will work with third parties to investigate and resolve security incidents. This includes coordinating response efforts, conducting root cause analysis, and implementing corrective actions to prevent recurrence.

End of Engagement: Upon the termination of the third-party relationship, all access to Speak Ai's systems and data will be revoked. Third parties must return or securely destroy any Speak Ai data in their possession and provide confirmation of such actions.

Post-Termination Review: A post-termination review will be conducted to ensure that all access has been properly revoked and that no data remains with the third party.

Policy Compliance: Compliance with this policy is mandatory for all third parties. Non-compliance may result in the termination of the third-party relationship and potential legal actions.

Enforcement: Speak Ai reserves the right to enforce this policy through audits, assessments, and monitoring activities. Third parties must cooperate with these efforts to ensure compliance.

Vendor Management Team: Responsible for overseeing third-party relationships, conducting risk assessments, and ensuring compliance with this policy.

IT Security Team: Responsible for monitoring third-party activities, coordinating incident response efforts, and conducting security audits.

Third Parties: Responsible for adhering to Speak Ai's security requirements, reporting security incidents, and cooperating with audits and assessments.