<aside> 💡 Please refer to this document whenever a third party, such as; vendor, sub-processor, SaaS tool, native desktop application or integration is being considered for use.


What is the problem you are trying to solve?

Lay out the issue and problem you are trying to solve. Take a step back and look at the bigger picture. Do we even need the process you're considering purchasing a tool for? Do we have an existing tool already purchased? Be conscious of optimizing a bad process. Consider if you should depreciate the process entirely.

If you do need to procure a new tool, ask yourself the following questions:

  1. Which Remoter/Department is involved and do they need to be? Who are you stakeholders?
  2. Which teams/people will be impacted by the purchase of this tool?
  3. What is the inception of the problem and what does the solution look like?
  4. Map out steps and ask why each one is done
  5. Note improvements that can be made

What are the Privacy Concerns?

Third parties will often collect personally identifiable information (PII) from Remoters, Clients and Employees. Examples are (but not limited too): name, email, address, IP address, role, birthday etc.

ALL vendors and third parties need a security review, as a data breach from a 3rd party still expresses responsibility by Remote.

Go to this page to create a new vendor assessment process.

Note: Some information will probably be direct from the Third party

Does it Connect to the product?

In the event that a tool needs to connect to the product, we need to understand how this works and how the data stored within the product is impacted. The product may well have to leverage a 3rd party to achieve certain task not carried out by the product itself, this is known as a subprocessor. The privacy is covered in the section above, but the other questions that need to be answered are:

  1. Where is the API documentation? If no API how is data moved between Products
  2. How is Authentication achieved?
  3. List out the Data Processing involve, what is done by the subprocessor and what is done by the Product.