RELIANOID Third-Party Risk Management Policy

Last Reviewed: 14th April 2025
Next Review Due: 14th April 2026
Status: RELIANOID maintains a security-first approach to vendor selection, ensuring that customer data and infrastructure remain protected throughout the supply chain.
(Public Summary)

Purpose

As a trusted provider of high-availability and secure load balancing solutions, RELIANOID recognizes that third-party service providers, suppliers, and partners play a key role in delivering and supporting our operations. This Third-Party Risk Management (TPRM) Policy outlines how we assess, monitor, and manage risks related to external parties that process data, deliver components, or influence our services.

Scope

This policy applies to:

  • Vendors and suppliers providing software, cloud, infrastructure, or support services
  • Business partners with access to customer or operational data
  • Contractors or managed service providers engaged in RELIANOID’s operations

Vendor Risk Assessment

Before engaging any third party, RELIANOID performs a risk assessment that includes:

  • Security posture evaluation (e.g., certifications like ISO 27001, SOC 2)
  • Data access scope and sensitivity
  • Operational impact analysis (availability, dependency, criticality)
  • Compliance alignment with GDPR, NIS2, DORA, or other applicable standards

Only vendors meeting our minimum security and compliance criteria are approved.

Contractual Safeguards

Every vendor relationship includes:

  • Data Processing Agreements (DPAs) where required
  • Confidentiality clauses
  • Clear responsibilities regarding data protection, incident notification, and compliance

Ongoing Monitoring

We maintain a third-party register and regularly monitor:

  • Vendor certifications (e.g., renewal of ISO/SOC reports)
  • Performance and SLA adherence
  • Security incidents and disclosures
  • Regulatory updates that may affect third-party services

Critical vendors are reviewed at least annually or after any major incident.

Incident Management and Escalation

In the event of a security breach or disruption involving a third party:

  • RELIANOID will coordinate with the vendor to assess impact
  • Affected customers will be notified promptly
  • Findings will inform risk reassessments and mitigation plans

Termination and Offboarding

When a third-party relationship ends:

  • Access rights are revoked
  • Data is securely deleted or returned in compliance with the DPA
  • The vendor is removed from RELIANOID’s active supplier list

Contact

If you have questions about RELIANOID’s third-party risk practices please contact us.