External Service Provider Review – Cloud/Data hosting Services only

Cyber and data security are a risk to businesses, driven by global connectivity and usage of cloud services. External Service Provider Review applies to any Infineum purchase of cloud computing/external data hosting services, from a source outside of Infineum, including Pilot implementation.

Use of cloud computing & external data hosting services must comply with all current laws, Infineum policies and risk management practices

All use of cloud computing services must go through the External Service Provider Review (ESPR) as part of the Procurement process and Project management methodology.

IT Cybersecurity will certify the security and IT management requirements. Legal will certify the privacy requirement, and that all three of these requirements have been adequately addressed prior to approving use of cloud computing and external data hosting services.

Information shared by Infineum with current or potential Suppliers is kept secure and fully confidential.

The purpose of this checklist is to evaluate our Supplier’s cybersecurity management by covering key topics that help limit the risk and impact of a cybersecurity attack.

External Service Provider Review

Infineum ESPR Questionnaire
27/04/2022 (xlsx 0.41mb)