Your organisation reviews data processors’ compliance with their contracts.
Ways to meet our expectations:
- Contracts include clauses to allow your organisation to conduct audits or checks, to confirm the processor is complying with all contractual terms and conditions.
- You carry out routine compliance checks, proportionate to the processing risks, to test that processors are complying with contractual agreements.
Can you answer yes to the following questions?
- Is there any follow-up where you identify non-compliance to contract terms or a Service Level Agreement?
- Are the checks proportionate to the risks?