Third-Party Security Policy
Written by Tyler Bryden
Updated over 7 months ago

1. Purpose and Scope

The purpose of this Third-Party Security Policy is to establish guidelines and procedures for managing the security risks associated with third-party vendors, partners, and service providers ("third parties") who have access to Speak Ai Inc.'s ("Speak Ai") information systems and data. This policy applies to all third-party relationships that involve access to Speak Ai's systems, networks, or data.

2. Policy Statement

Speak Ai is committed to ensuring the security and integrity of its information assets by implementing rigorous security controls for third-party relationships. This policy outlines the requirements for assessing, managing, and monitoring the security practices of third parties to protect Speak Ai's data and systems.

3. Third-Party Risk Assessment

  • Initial Assessment: Before engaging with a third party, a thorough risk assessment will be conducted to evaluate their security practices, policies, and potential impact on Speak Ai's security posture. This includes reviewing their compliance with relevant security standards and regulations.

  • Ongoing Assessment: Third parties will be subject to periodic security assessments to ensure ongoing compliance with Speak Ai's security requirements. The frequency and scope of these assessments will be based on the level of access and risk associated with the third party.

4. Security Requirements for Third Parties

  • Contractual Agreements: All third parties must sign a contractual agreement that includes specific security requirements and obligations. These agreements will outline the third party's responsibilities for protecting Speak Ai's data and systems, including compliance with relevant security policies and standards.

  • Access Control: Third parties will be granted access to Speak Ai's systems and data based on the principle of least privilege. Access will be restricted to the minimum necessary to perform their duties and will be regularly reviewed and adjusted as needed.

  • Data Protection: Third parties must implement appropriate measures to protect the confidentiality, integrity, and availability of Speak Ai's data. This includes encrypting data at rest and in transit, as well as ensuring secure data handling and storage practices.

5. Monitoring and Auditing

  • Activity Monitoring: Speak Ai will monitor third-party activities on its systems and networks to detect any unauthorized access or suspicious behaviour. Automated tools and manual reviews will be used to ensure compliance with security policies.

  • Regular Audits: Third parties will be subject to regular security audits to verify their adherence to Speak Ai's security requirements. Audit results will be reviewed, and any identified issues will be addressed promptly.

6. Incident Response

  • Incident Reporting: Third parties are required to report any security incidents or breaches involving Speak Ai's data or systems immediately upon discovery. Incident reports should include a description of the incident, affected systems, and any actions taken.

  • Response Coordination: Speak Ai will work with third parties to investigate and resolve security incidents. This includes coordinating response efforts, conducting root cause analysis, and implementing corrective actions to prevent recurrence.

7. Termination of Access

  • End of Engagement: Upon the termination of the third-party relationship, all access to Speak Ai's systems and data will be revoked. Third parties must return or securely destroy any Speak Ai data in their possession and provide confirmation of such actions.

  • Post-Termination Review: A post-termination review will be conducted to ensure that all access has been properly revoked and that no data remains with the third party.

8. Compliance and Enforcement

  • Policy Compliance: Compliance with this policy is mandatory for all third parties. Non-compliance may result in the termination of the third-party relationship and potential legal actions.

  • Enforcement: Speak Ai reserves the right to enforce this policy through audits, assessments, and monitoring activities. Third parties must cooperate with these efforts to ensure compliance.

9. Roles and Responsibilities

  • Vendor Management Team: Responsible for overseeing third-party relationships, conducting risk assessments, and ensuring compliance with this policy.

  • IT Security Team: Responsible for monitoring third-party activities, coordinating incident response efforts, and conducting security audits.

  • Third Parties: Responsible for adhering to Speak Ai's security requirements, reporting security incidents, and cooperating with audits and assessments.

10. Policy Review

This policy will be reviewed annually or as needed to ensure its effectiveness and alignment with industry best practices and regulatory requirements. Changes to the policy will be communicated to all third parties.

11. Contact Information

For any inquiries or issues related to this Third-Party Security Policy, please contact the Vendor Management Team at [email protected].
