Security policy
Third-Party Management
Assesses and governs vendors and partners that handle AiVRIC data or services.
Purpose & scope
This policy guides how AiVRIC designs, operates, and validates Third-Party Management across production, corporate, and partner environments.
It applies to employees, contractors, vendors, and any system interacting with AiVRIC data or services.
Key controls
- Perform security and privacy due diligence before onboarding vendors.
- Use contracts and data processing agreements (DPAs) that specify required controls and breach notifications.
- Monitor vendor performance and reassess risk periodically.
- Track data flows and ensure least-privilege access to AiVRIC assets.
Operating procedures
- Complete vendor risk questionnaires and reviews before approval.
- Maintain a vendor inventory with data types and owners.
- Reassess high-risk vendors annually or after incidents.
Evidence & ownership
Owner: Security & Compliance. Review cadence: annually or after material changes.
Evidence: Collected via AiVRIC audit logs, ticketing systems, monitoring dashboards, and vendor records as appropriate to this policy area.
Contact: [email protected]