RELIANOID Third-Party Risk Management Policy

Last Reviewed: 14th April 2025
Next Review Due: 14th April 2026
(Public Summary)

Purpose

As a trusted provider of high-availability and secure load balancing solutions, RELIANOID recognizes that third-party service providers, suppliers, and partners play a key role in delivering and supporting our operations. This Third-Party Risk Management (TPRM) Policy outlines how we assess, monitor, and manage risks related to external parties that process data, deliver components, or influence our services.

Scope

This policy applies to:

  • Vendors and suppliers providing software, cloud, infrastructure, or support services
  • Business partners with access to customer or operational data
  • Contractors or managed service providers engaged in RELIANOID’s operations

Vendor Risk Assessment

Before engaging any third party, RELIANOID performs a risk assessment that includes:

  • Security posture evaluation (e.g., certifications like ISO 27001, SOC 2)
  • Data access scope and sensitivity
  • Operational impact analysis (availability, dependency, criticality)
  • Compliance alignment with GDPR, NIS2, DORA, or other applicable standards

Only vendors meeting our minimum security and compliance criteria are approved.

Contractual Safeguards

Every vendor relationship includes:

  • Data Processing Agreements (DPAs) where required
  • Confidentiality clauses
  • Clear responsibilities regarding data protection, incident notification, and compliance

Ongoing Monitoring

We maintain a third-party register and regularly monitor:

  • Vendor certifications (e.g., renewal of ISO/SOC reports)
  • Performance and SLA adherence
  • Security incidents and disclosures
  • Regulatory updates that may affect third-party services

Critical vendors are reviewed at least annually or after any major incident.

Incident Management and Escalation

In the event of a security breach or disruption involving a third party:

  • RELIANOID will coordinate with the vendor to assess impact
  • Affected customers will be notified promptly
  • Findings will inform risk reassessments and mitigation plans

Termination and Offboarding

When a third-party relationship ends:

  • Access rights are revoked
  • Data is securely deleted or returned in compliance with the DPA
  • The vendor is removed from RELIANOID’s active supplier list

Final Statement

RELIANOID’s Third-Party Risk Management Policy demonstrates our commitment to operational resilience and supply chain security. Our thorough assessment, monitoring, and vendor management practices are designed to ensure service continuity, safeguard client data, and maintain compliance — fully aligned with the Digital Operational Resilience Act (DORA) principles.

Document Reviews

Date              Comment
14th April 2025   Document creation

Contact and Assurance

We welcome requests for detailed security documentation, risk mapping matrices, or compliance disclosures.
