Common use of Supplier Relationships Clause in Contracts

Supplier Relationships. 13.1. New direct suppliers (including data sub-processors) undergo due diligence covering Information Security, Data Protection, Business Continuity, Corporate Governance and Quality, Health & Safety, Environment, Equal Opportunities, Diversity, Anti- Bribery & Anti-Corruption, Modern Slavery and Child Labour, Ethical Business Practices / Corporate Social Responsibility as well as a credit check, a review of policies, certifications, independent audit reports, independent penetration tests (inc. remediation follow-up) etc. as appropriate. 13.2. Suppliers are subject to confidentiality and right to audit clauses within their contracts. 13.3. Suppliers are required to comply with ▇▇▇▇ & ▇▇▇▇▇▇’▇ Supplier Operating principles and suppliers of products/services which interact with R&M information systems or process personal data are contractually required to agree to our Supplier Information Security Requirements. 13.4. Suppliers are reviewed on a periodic basis. The nature, scope and frequency of this review depends on several factors including the product/service being provided and the supplier’s criticality. 13.5. Critical supplier resilience and recovery capabilities are formally reviewed on an annual basis as part of our Business Impact Analysis (BIA) of our BC recovery capabilities.

Supplier Relationships. 13.1. New direct suppliers (including data sub-processors) undergo due diligence covering Information Security, Data Protection, Business Continuity, Corporate Governance and Quality, Health & Safety, Environment, Equal Opportunities, Diversity, Anti- Bribery & Anti-Corruption, Modern Slavery and Child Labour, Ethical Business Practices / Corporate Social Responsibility as well as a credit check, a review of policies, certifications, independent audit reports, independent penetration tests (inc. remediation follow-up) etc. as appropriate. 13.2. Suppliers are subject to confidentiality and right to right-to-audit clauses within their contracts. 13.3. Suppliers are required to comply with ▇▇▇▇ & ▇▇▇▇▇▇’▇ Supplier Operating principles and suppliers of products/services which interact with R&M information systems or process personal data are contractually required to agree to our Supplier Information Security Requirements. 13.4. Suppliers are reviewed on a periodic basis. The nature, scope and frequency of this review depends on several factors including the product/service being provided and the supplier’s criticality. 13.5. Critical supplier resilience and recovery capabilities are formally reviewed on an annual basis as part of our Business Impact Analysis (BIA) of our BC recovery capabilities.

Supplier Relationships. 13.1. New direct suppliers (including data sub-processors) undergo due diligence covering Information Security, Data Protection, Business Continuity, Corporate Governance and Quality, Health & Safety, Environment, Equal Opportunities, Diversity, Anti- Bribery & Anti-Corruption, Modern Slavery and Child Labour, Ethical Business Practices / Corporate Social Responsibility as well as a credit check, a review of policies, certifications, independent audit reports, independent penetration tests (inc. remediation follow-up) etc. as appropriate. 13.2. Suppliers are subject to confidentiality and right to audit clauses within their contracts. 13.3. Suppliers are required to comply with ▇▇▇▇ & ▇▇▇▇▇▇’▇ Supplier Operating principles and suppliers of products/services which interact with R&M information systems or process personal data are contractually required to agree to our Supplier Information Security Requirements. 13.4. Suppliers are reviewed on a periodic basis. The nature, scope and frequency of this review depends on several factors including the product/service being provided and the supplier’s criticality. 13.5. Critical supplier resilience and recovery capabilities are formally reviewed on an annual basis as part of our Business Impact Impac t Analysis (BIA) of our BC recovery capabilities.

Supplier Relationships. 13.1. New direct suppliers (including data sub-processors) undergo due diligence covering Information Security, Data Protection, Business Continuity, Corporate Governance and Quality, Health & Safety, Environment, Equal Opportunities, Diversity, Anti- Anti-Bribery & Anti-Corruption, Modern Slavery and Child Labour, Ethical Business Practices / Corporate Social Responsibility as well as a credit check, a review of policies, certifications, independent audit reports, independent penetration tests (inc. remediation follow-up) etc. as appropriate. 13.2. Suppliers are subject to confidentiality and right to right-to-audit clauses within their contracts. 13.3. Suppliers are required to comply with ▇▇▇▇ & ▇▇▇▇▇▇’▇ Supplier Operating principles and suppliers of products/services which interact with R&M information systems or process personal data are contractually required to agree to our Supplier Information Security Requirements. 13.4. Suppliers are reviewed on a periodic basis. The nature, scope and frequency of this review depends on several factors including the product/service being provided and the supplier’s criticality. 13.5. Critical supplier resilience and recovery capabilities are formally reviewed on an annual basis as part of our Business Impact Analysis (BIA) of our BC recovery capabilities.