Suppliers and third parties data policies and procedures

Where information and personal data are processed by a contractor or supplier on our behalf, we must make sure that it is processed efficiently and according to the law.  

To make sure we are carrying out our duties and responsibilities fully, the controls within the Information Policy must be in place and the requirements met. These process and procedures must be managed by contractor parties and employees and monitored by the council. You can read more in our guidance.

Information policy requirements for suppliers (PDF, 690KB)

Non-disclosure agreement (NDA)

Any third party contractor, supplier or partner who is given access to information that is not in the public domain will need to sign the non-disclosure agreement.  

This includes contractors or suppliers that will have access to confidential or commercially sensitive information, for example any suppliers accessing the Mosaic social care software.

Non-disclosure (NDA) form (PDF, 155KB)

Suppliers and contractors data procedures

When working with third parties or suppliers who will process information on our behalf, we must have an agreement in place with them to make sure that we are compliant with the Data Protection Act.

The Data Protection and Information Handling Agreement covers a number of areas including data protection, intellectual property and Freedom of Information and outlines contractors’ obligations to the council.  

Data protection and information handling agreement (DOCX, 55KB)

We also have a procedure that you should follow when dealing with payment cards to make sure that data and transactions are secure.  

Payment card security procedure (PDF, 140KB)

 

Last published date:
Next review date: