{"id":2298,"date":"2025-12-16T17:28:21","date_gmt":"2025-12-16T17:28:21","guid":{"rendered":"https:\/\/bpmconsulting.com.co\/supplier-relationship-security-policy\/"},"modified":"2026-04-29T19:21:34","modified_gmt":"2026-04-29T19:21:34","slug":"supplier-relationship-security-policy","status":"publish","type":"page","link":"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/","title":{"rendered":"Supplier Relationship Security Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"2298\" class=\"elementor elementor-2298\" data-elementor-settings=\"{&quot;ha_cmc_init_switcher&quot;:&quot;no&quot;,&quot;element_pack_global_tooltip_width&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;element_pack_global_tooltip_width_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;element_pack_global_tooltip_width_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;element_pack_global_tooltip_padding&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_padding_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_padding_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_border_radius&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_border_radius_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_border_radius_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true}}\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2ed96c9 banner e-flex e-con-boxed e-con e-parent\" data-id=\"2ed96c9\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-d108808 e-con-full e-flex e-con e-child\" data-id=\"d108808\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;video&quot;,&quot;background_video_link&quot;:&quot;https:\\\/\\\/www.youtube.com\\\/watch?v=t09PHRnfMbA&quot;,&quot;background_play_on_mobile&quot;:&quot;yes&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t<div class=\"elementor-background-video-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-video-embed\" role=\"presentation\"><\/div>\n\t\t\t\t\t\t<\/div><div class=\"elementor-element elementor-element-6677d33 e-con-full e-flex e-con e-child\" data-id=\"6677d33\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-65e80ba elementor-widget elementor-widget-heading\" data-id=\"65e80ba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">BPM Consulting<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a34f4b4 elementor-widget elementor-widget-heading\" data-id=\"a34f4b4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Supplier Relationship Security Policy<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ae63c52 e-flex e-con-boxed e-con e-parent\" data-id=\"ae63c52\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-25a36c3 elementor-widget elementor-widget-text-editor\" data-id=\"25a36c3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<table><tbody><tr><td width=\"114\"><strong>OBJECTIVE:<\/strong><\/td><td width=\"481\"><p><br \/>To establish the guidelines related to Information Security management that must be complied with by suppliers providing products\/services to the organization.<\/p><\/td><\/tr><tr><td width=\"114\"><p><strong><b>SCOPE<\/b>:<\/strong><\/p><\/td><td width=\"481\"><p><br \/>Applies to all products\/services delivered by suppliers that may affect the confidentiality, integrity, and availability of BPM Consulting SAS information\/services. This includes cloud service providers, ICT services, ICT infrastructure components, computer equipment, information systems, platforms, applications, surveillance and security services, public utilities, and maintenance of physical infrastructure.<\/p><p>f\u00edsica.<\/p><\/td><\/tr><tr><td width=\"114\"><p><b>ASSOCIATED DOCUMENTS:\u00a0<\/b><\/p><\/td><td width=\"481\"><p><br \/>Logical Access Control Policy Physical Access Control<\/p><p>Policy Information Transfer Policy Backup and Information Transfer Procedure Change Management Procedure<\/p><p>Confidentiality Agreement<\/p><\/td><\/tr><\/tbody><\/table><p><span style=\"font-weight: 400;\"><strong>Asset:<\/strong> Anything that has significant value for the organization. Among an organization\u2019s assets are hardware, software, electronic or physical documents, infrastructure, services, personnel, among others. The term Asset is synonymous with Information Asset.<\/span><\/p><p><span style=\"font-weight: 400;\"><strong>Confidentiality:<\/strong> The property of safeguarding the information asset from unauthorized persons, processes, or entities.<\/span><\/p><p><span style=\"font-weight: 400;\"><strong>Availability:<\/strong> The property of ensuring that the information asset is accessible and usable when required by authorized persons, processes, or entities.<\/span><\/p><p><span style=\"font-weight: 400;\"><strong>Integrity:<\/strong> The property of safeguarding the accuracy and completeness of the information asset, according to the different processing methods to which it may be exposed.<\/span><\/p><p><span style=\"font-weight: 400;\"><strong>Service Level Agreements (SLAs)<\/strong>: A written agreement between a service provider and its client for the purpose of establishing the agreed level of service quality. The SLA is a tool that helps both parties reach a consensus regarding the level of service quality in aspects such as response time, service availability, available documentation, personnel assigned to the service, etc.<\/span><\/p><p><strong>Scope of Service Delivery and SLA Definition<\/strong><\/p><ul><li><span style=\"font-weight: 400;\">The contract signed between the parties must define the types of components and services provided by the supplier that may affect the confidentiality, integrity, and availability of the organization\u2019s information and\/or services.<\/span><\/li><li><span style=\"font-weight: 400;\">BPM Consulting and the supplier must clearly and explicitly define the technical, operational, information handling (including periodic backups, end-of-service backup, secure deletion, data transfer), administrative (e.g., periodic report delivery, follow-up meetings, periodic review of security controls), and personnel Service Level Agreements necessary to address the provision\/delivery of the products\/services that the supplier will provide to the organization. These SLAs must be documented in the contract or in annexes that form an integral part of it.<\/span><\/li><li><span style=\"font-weight: 400;\">In defining the scope of the service, BPM Consulting and the supplier must determine, according to the type of service to be provided, access to:<\/span><ul><li><span style=\"font-weight: 400;\">Sensitive customer information \/ customer user information \/ private or confidential company information.<\/span><\/li><li><span style=\"font-weight: 400;\">Sensitive physical\/logical infrastructure that impacts BPM Consulting\u2019s service delivery or the organization\u2019s internal operations.<\/span><\/li><\/ul><\/li><\/ul><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">These definitions must be part of the scope indicated in the contract or its technical annexes and must provide clarity regarding the information, ICT services, and physical infrastructure that the supplier may access, use, and\/or manage, as applicable. BPM Consulting\u2019s logical access control and physical access control policies must be followed, as applicable.<\/span><\/p><ul><li><span style=\"font-weight: 400;\">Any installation, configuration, or maintenance carried out by suppliers on the company\u2019s technological infrastructure, such as servers, network equipment, support equipment, structured cabling, power systems, among others, must comply with the requirements established by the Technology and Infrastructure Management and the Administrative and Financial Management (for maintenance of the physical facilities infrastructure). These areas will be responsible for verifying and validating such configurations and\/or maintenance, as well as reporting weaknesses and opportunities for improvement. In applicable cases, BPM Consulting must follow the guidelines established in the organization\u2019s Change Management procedure.<\/span><\/li><\/ul><p>\u00a0<\/p><p><strong>Use of Information and Resources<\/strong><\/p><ul><li><span style=\"font-weight: 400;\">The supplier must include the appropriate confidentiality clause in its contract and must also sign the \u201cConfidentiality Agreement\u201d document provided by BPM Consulting.<\/span><\/li><li><span style=\"font-weight: 400;\">All confidential information of the organization that must be exchanged or transferred by the supplier must be handled securely, using encryption mechanisms, through secure means authorized by the Technology and Infrastructure Manager. The guidelines established in BPM Consulting\u2019s Information Transfer Policy must be followed.<\/span><\/li><li><span style=\"font-weight: 400;\">The supplier is responsible for maintaining the confidentiality of BPM Consulting\u2019s information accessed by its employees and must maintain non-disclosure agreements with them. Access by these employees is defined as temporary, and therefore there is no ownership right or right to copy such information. Accordingly, the supplier must return all information provided by BPM Consulting immediately after the completion of the tasks that originated the temporary use of the information and, in any case, upon termination of the contractual relationship.<\/span><\/li><li><span style=\"font-weight: 400;\">If the supplier requires information from BPM Consulting\u2019s information systems\/platforms beyond what is authorized or established in the contractual agreement, or unrelated to the purpose of its service, it must notify the Technology and Infrastructure Manager by email, who will process the request according to the definitions of the logical access control policy. In cases of physical information, it is at the discretion of the information asset owner to grant the relevant access. Nevertheless, a written record of the request and response must be kept and shared with the Security Officer.<\/span><\/li><li><span style=\"font-weight: 400;\">If the supplier requires access to BPM Consulting tools or technological assets, it must submit a security exception request through the asset owner. This request must be documented in writing with the corresponding response (approval\/denial) and in accordance with the logical access control policy guidelines.<\/span><\/li><li><span style=\"font-weight: 400;\">BPM Consulting expressly prohibits the use of resources provided by the organization for activities unrelated to the contracted service. Likewise, it prohibits connecting to the company\u2019s network any type of malware (programs, macros, etc.), logical devices, physical devices, or any other type of command sequence that causes or may cause any type of alteration or damage to computer resources and information systems.<\/span><\/li><\/ul><p>\u00a0<\/p><p><strong>Risk Management and Treatment<\/strong><\/p><ul><li><span style=\"font-weight: 400;\">BPM Consulting will request from the supplier the definitions established for the treatment of its information security risks associated with the contracted products\/services, as well as those risks related to its supply chain (including people as a component of risk), which may affect the continuity, availability, and integrity of the information and the service provided. This is intended to validate that the supplier has considered the risks in its value chain that may impact the proper delivery of the services contracted by the organization.<\/span><\/li><li><span style=\"font-weight: 400;\">BPM Consulting may suggest actions or controls based on the results of the operation of the contracted\/delivered services.<\/span><\/li><\/ul><p>\u00a0<\/p><p><b>Incident Management, Functional and Hierarchical Escalation<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The supplier providing services related to information storage, communication, technological infrastructure (physical\/logical), platforms, or information systems must establish and document procedures for security incident management. These procedures must be communicated in writing to BPM Consulting so that the organization clearly understands the defined mechanisms for notification, escalation, response times, resolution times, and points of contact (contact person, phone number, and\/or email address) for incident management.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The supplier must report, within no more than 24 hours after identifying the incident, to the Technology and Infrastructure Manager, as well as to BPM Consulting\u2019s Security Officer, any suspicious event or information security incident that compromises the confidentiality, availability, and integrity of the service provided by the suppliers and\/or the information owned by BPM Consulting, its clients, and\/or users.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">BPM Consulting may request reports or evidence that allow understanding of the incident, validation of the treatment and solution provided, as well as the lessons learned identified during the incident management process. Such evidence must be retained for a minimum period of 6 months and, if necessary, the supplier will be required to implement an incident response plan to reduce the likelihood of recurrence or similar events.<\/span><\/li><li><span style=\"font-weight: 400;\">In the case of major incidents, in addition to functional escalation, the supplier must provide at the beginning of the contractual relationship the contact details of the employees to whom BPM Consulting should direct immediate handling of situations (e.g., Project Manager, IT Manager, Deputy Manager, Manager<\/span><span style=\"font-weight: 400;\">).<\/span><\/li><\/ul><p>\u00a0<\/p><p><b>Secure Information Deletion<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Where applicable and according to the scope of the contracted service, the supplier must guarantee the secure deletion of information owned by BPM Consulting in accordance with the SLAs established between the parties. This deletion must be carried out once the contractual relationship ends and additionally upon the express request of BPM Consulting at any time during the relationship. In all cases, the supplier must provide a report demonstrating evidence of deletion with the corresponding dates (e.g., logs, screenshots).<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Prior to secure deletion, the supplier must guarantee the delivery of a complete backup copy of all information to BPM Consulting. The medium used for delivering this copy shall be agreed upon by both parties.<\/span><\/li><\/ul><p>\u00a0<\/p><p><strong>\u00a0Business Continuity<\/strong><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">To ensure the availability of the contracted service, the supplier must have a duly documented, tested, and updated service continuity plan (at least once a year), which must be available whenever BPM Consulting considers it necessary to request and review it.<\/span><\/li><\/ul><p>\u00a0<\/p><p><b>Fines, Sanctions, and Penalties<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">BPM Consulting will transfer the fines, sanctions, and\/or penalties imposed by its clients resulting from non-compliance with any of the SLAs agreed upon with the supplier, which affect the confidentiality, integrity, and availability of the service and\/or the information of the organization\u2019s clients\/final users.<\/span><\/li><\/ul><p>\u00a0<\/p><p><b>\u00a0Access to Facilities<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If the supplier needs to have employees working at BPM Consulting\u2019s offices to perform their duties, they must inform the Administrative and Financial Management by email several days in advance, indicating the reason for the visit, the dates and times of attendance at the facilities, the required IT equipment, access to restricted areas (if required for the work), the person or persons responsible for their stay at the facilities, as well as the corresponding identification of the people attending.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">These individuals must be properly identified during their stay at the Company\u2019s facilities by visibly carrying their identification, in compliance with BPM Consulting\u2019s Physical Access Control Security Policy<\/span><\/li><\/ul><p>\u00a0<\/p><p><b>Follow-up and Control Meetings, Supplier Audits<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">BPM Consulting will verify the security conditions implemented by the supplier, taking into account the scope of the contract and its annexes, through follow-up and control meetings agreed upon by both parties and carried out as part of contract management. As a result of these meetings, commitments may arise between the supplier and the client, which must be managed and processed in order to minimize risks and ensure the confidentiality, availability, and integrity of the information and\/or the services provided.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Likewise, BPM Consulting may conduct second-party audits in order to supervise compliance with the Information Security requirements established by the supplier, especially for those suppliers considered critical to the organization.<\/span><\/li><\/ul><p>\u00a0<\/p><p><b>\u00a0<\/b><b>Termination of the Contractual Relationship<\/b><\/p><p><span style=\"font-weight: 400;\">Upon conclusion of the contractual relationship, the employee responsible for managing and administering the contract must notify the Technology and Infrastructure Management, Administrative and Financial Management, and Human Talent and Culture Management of the termination of the contractual relationship, in order to ensure the following elements:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Removal of access rights<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Handling of information<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ownership of intellectual property developed during the contractual relationship<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Portability of information in case of supplier change or internal resource transition (insourcing)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Document management<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Return of assets<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Secure deletion of information and other associated assets<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Confidentiality requirements<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Supplier evaluation\/re-evaluation, as applicable<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Closure of billing processes, if necessary<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Completion of employee onboarding\/offboarding processes<\/span><\/li><\/ul><p>\u00a0<\/p><p><b>Data Processing<\/b><\/p><p><span style=\"font-weight: 400;\">As established by the Data Processing Policy available to stakeholders on the corporate website<\/span><a href=\"https:\/\/www.bpmconsulting.com.co\/\"> <span style=\"font-weight: 400;\">https:\/\/www.bpmconsulting.com.co\/<\/span><\/a><span style=\"font-weight: 400;\">, supplier data is processed for the following purposes: requesting goods or services, managing the delivery of purchased supplies, providing feedback on their performance, and managing payment activities.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">\u00a0Disclosure of This Policy<\/span><\/p><p><span style=\"font-weight: 400;\">This policy will be available for consultation by stakeholders on the corporate website<\/span><a href=\"https:\/\/www.bpmconsulting.com.co\/\"> <span style=\"font-weight: 400;\">https:\/\/www.bpmconsulting.com.co\/<\/span><\/a><span style=\"font-weight: 400;\">. Notwithstanding the above, BPM Consulting will establish the communication channels it considers appropriate to provide each supplier with this document.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">Petitions, Complaints, Claims, Requests, and Compliments<\/span><\/p><p><span style=\"font-weight: 400;\">BPM Consulting has made available, through its corporate website<\/span><a href=\"https:\/\/www.bpmconsulting.com.co\/\"> <span style=\"font-weight: 400;\">https:\/\/www.bpmconsulting.com.co\/<\/span><\/a><span style=\"font-weight: 400;\">, the PQRSF section so that suppliers may submit their requests as they deem appropriate. To identify the request, please indicate the word \u201csupplier\u201d in the subject field.<\/span><\/p><p><span style=\"font-weight: 400;\">Compliance with this policy is mandatory. In the event that employees and third parties do not adhere to it, the organization reserves the right to take the corresponding measures. Any employee who becomes aware of a violation of this policy must report it to their direct supervisor or to the Control, Improvement, and Innovation Manager.<\/span><\/p><p>\u00a0<\/p><table><tbody><tr><td colspan=\"3\" width=\"588\"><p>CHANGE CONTROL<\/p><\/td><\/tr><tr><td width=\"104\">VERSION<\/td><td width=\"170\"><p>APPROVAL DATE\u00a0<\/p><\/td><td width=\"315\">CHANGE CONTROL<\/td><\/tr><tr><td width=\"104\">01<\/td><td width=\"170\">16-11-2020<\/td><td width=\"315\">Policy creation<\/td><\/tr><tr><td width=\"104\">02<\/td><td width=\"170\">02-04-2024<\/td><td width=\"315\">Full document content update<\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>BPM Consulting OBJECTIVE: To establish the guidelines related to Information Security management that must be complied with by suppliers providing products\/services to the organization. SCOPE: Applies to all products\/services delivered by suppliers that may affect the confidentiality, integrity, and availability of BPM Consulting SAS information\/services. This includes cloud service providers, ICT services, ICT infrastructure components, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":11,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-2298","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Supplier Relationship Security Policy - BPM Consulting | Contact Center, BPO e IA en Colombia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supplier Relationship Security Policy\" \/>\n<meta property=\"og:description\" content=\"BPM Consulting OBJECTIVE: To establish the guidelines related to Information Security management that must be complied with by suppliers providing products\/services to the organization. SCOPE: Applies to all products\/services delivered by suppliers that may affect the confidentiality, integrity, and availability of BPM Consulting SAS information\/services. This includes cloud service providers, ICT services, ICT infrastructure components, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"BPM Consulting | Contact Center, BPO e IA en Colombia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/bpmconsulting\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-29T19:21:34+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/en\\\/supplier-relationship-security-policy\\\/\",\"url\":\"https:\\\/\\\/bpmconsulting.com.co\\\/en\\\/supplier-relationship-security-policy\\\/\",\"name\":\"Supplier Relationship Security Policy - BPM Consulting | Contact Center, BPO e IA en Colombia\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/#website\"},\"datePublished\":\"2025-12-16T17:28:21+00:00\",\"dateModified\":\"2026-04-29T19:21:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/en\\\/supplier-relationship-security-policy\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/bpmconsulting.com.co\\\/en\\\/supplier-relationship-security-policy\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/en\\\/supplier-relationship-security-policy\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/bpmconsulting.com.co\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Supplier Relationship Security Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/#website\",\"url\":\"https:\\\/\\\/bpmconsulting.com.co\\\/\",\"name\":\"BPM Consulting | Contact Center, BPO e IA en Colombia\",\"description\":\"BPM Consulting es una empresa colombiana con 20 a\u00f1os de experiencia en Contact Center, BPO, IA, facturaci\u00f3n electr\u00f3nica y pasarela de pagos.\",\"publisher\":{\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/bpmconsulting.com.co\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/#organization\",\"name\":\"BPM Consulting Colombia\",\"url\":\"https:\\\/\\\/bpmconsulting.com.co\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/bpmconsulting.com.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Logo-BPM-Color.webp\",\"contentUrl\":\"https:\\\/\\\/bpmconsulting.com.co\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Logo-BPM-Color.webp\",\"width\":1501,\"height\":489,\"caption\":\"BPM Consulting Colombia\"},\"image\":{\"@id\":\"https:\\\/\\\/bpmconsulting.com.co\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/bpmconsulting\",\"https:\\\/\\\/www.instagram.com\\\/bpm_consulting_sas\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/bpm-consulting-sas\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCEI-ml12as7JbvfSW8fYOKg\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Supplier Relationship Security Policy - BPM Consulting | Contact Center, BPO e IA en Colombia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/","og_locale":"en_US","og_type":"article","og_title":"Supplier Relationship Security Policy","og_description":"BPM Consulting OBJECTIVE: To establish the guidelines related to Information Security management that must be complied with by suppliers providing products\/services to the organization. SCOPE: Applies to all products\/services delivered by suppliers that may affect the confidentiality, integrity, and availability of BPM Consulting SAS information\/services. This includes cloud service providers, ICT services, ICT infrastructure components, [&hellip;]","og_url":"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/","og_site_name":"BPM Consulting | Contact Center, BPO e IA en Colombia","article_publisher":"https:\/\/www.facebook.com\/bpmconsulting","article_modified_time":"2026-04-29T19:21:34+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/","url":"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/","name":"Supplier Relationship Security Policy - BPM Consulting | Contact Center, BPO e IA en Colombia","isPartOf":{"@id":"https:\/\/bpmconsulting.com.co\/#website"},"datePublished":"2025-12-16T17:28:21+00:00","dateModified":"2026-04-29T19:21:34+00:00","breadcrumb":{"@id":"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bpmconsulting.com.co\/en\/supplier-relationship-security-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/bpmconsulting.com.co\/en\/"},{"@type":"ListItem","position":2,"name":"Supplier Relationship Security Policy"}]},{"@type":"WebSite","@id":"https:\/\/bpmconsulting.com.co\/#website","url":"https:\/\/bpmconsulting.com.co\/","name":"BPM Consulting | Contact Center, BPO e IA en Colombia","description":"BPM Consulting es una empresa colombiana con 20 a\u00f1os de experiencia en Contact Center, BPO, IA, facturaci\u00f3n electr\u00f3nica y pasarela de pagos.","publisher":{"@id":"https:\/\/bpmconsulting.com.co\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bpmconsulting.com.co\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/bpmconsulting.com.co\/#organization","name":"BPM Consulting Colombia","url":"https:\/\/bpmconsulting.com.co\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bpmconsulting.com.co\/#\/schema\/logo\/image\/","url":"https:\/\/bpmconsulting.com.co\/wp-content\/uploads\/2025\/11\/Logo-BPM-Color.webp","contentUrl":"https:\/\/bpmconsulting.com.co\/wp-content\/uploads\/2025\/11\/Logo-BPM-Color.webp","width":1501,"height":489,"caption":"BPM Consulting Colombia"},"image":{"@id":"https:\/\/bpmconsulting.com.co\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/bpmconsulting","https:\/\/www.instagram.com\/bpm_consulting_sas\/","https:\/\/www.linkedin.com\/company\/bpm-consulting-sas\/","https:\/\/www.youtube.com\/channel\/UCEI-ml12as7JbvfSW8fYOKg"]}]}},"_hostinger_reach_plugin_has_subscription_block":false,"_hostinger_reach_plugin_is_elementor":false,"_links":{"self":[{"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/pages\/2298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/comments?post=2298"}],"version-history":[{"count":9,"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/pages\/2298\/revisions"}],"predecessor-version":[{"id":2448,"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/pages\/2298\/revisions\/2448"}],"wp:attachment":[{"href":"https:\/\/bpmconsulting.com.co\/en\/wp-json\/wp\/v2\/media?parent=2298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}