1. Object
This document is established to inform CIDAUT Foundation suppliers of the general guidelines followed for the evaluation, selection, performance monitoring and re-evaluation of external suppliers.
2 Area of application
In accordance with the requirements of ISO 9001:2015, this document applies to external suppliers of the CIDAUT Foundation that supply products and services that may adversely affect the ability to deliver the results of the projects, technological services and tests that develops the CIDAUT Foundation. Below is a non-exhaustive list of processes, products and services to which these guidelines would apply:
Services and/or processes of:
Products
3. Development
3.1. Evaluation and selection of suppliers
The Foundation Purchasing Manager establishes the criteria based on which the evaluation and selection is carried out in order to guarantee that the selected supplier supplies the products and services in accordance with the necessary requirements. The selection criteria are a combination of the following depending on the type of product/service:
3.2. Monitoring performance and reevaluation of suppliers.
To ensure that controlled external suppliers continue to supply in accordance with established requirements, suppliers are subject to periodic monitoring and control. Depending on the type of provider, it is established:
Supplier type | Tracking | Re-evaluation |
Regular: regular suppliers | X | X |
About project: specific suppliers for a given project | X | Does not apply |
Occasional: single purchase suppliers | Does not apply | Does not apply |
Tracking
Monitoring of external suppliers is carried out continuously:
Re-evaluation
Regular suppliers are periodically re-evaluated. For this, it is reviewed:
Impartiality and independence are basic principles of the CIDAUT Foundation's activity. CIDAUT Foundation acts impartially and independently of all types of pressures, whether commercial or otherwise, in its activities and services provided to clients, institutions and organizations.
CIDAUT Foundation continuously evaluates each possible conflict/risk that may affect the independence and impartiality of its activities, carrying out the pertinent consultations and inquiries to ensure that it does not incur any incompatibility and loss of independence in the aforementioned terms. Limiting activity and/or implementing relevant actions in case of doubt or conflict.
The personal data to be protected includes all those that are processed by us (whether data of clients, potential clients, suppliers, workers, contacts, external collaborators, etc.).
Therefore, both FUNDACION CIDAUT, and all its staff, whether internal or external, who are involved in some way in the processing of personal data, must:
CIDAUT FOUNDATION (hereinafter, CIDAUT) is an entity dedicated to research and development in Transportation and Energy, with the objective of enhancing competitiveness and industrial development in companies in the transportation, energy and industry sectors in general. .
Aware of the importance that information security has for the development of its business, it has decided to implement a management system and subscribes to this policy.
CIDAUT establishes, defines and reviews objectives within its Information Security Management System (ISMS) aimed at improving its security, understanding it as the preservation of the confidentiality, availability and integrity of its information, as well as the systems that support it. support, increasing the confidence of our customers and other interested parties; along with compliance with all applicable legal, regulatory and contractual requirements.
The design, implementation and maintenance of the ISMS will be supported by the results of a continuous risk analysis and management process from which the actions to be carried out in terms of security within the scope of its system are derived, which is:
"Information systems that support the processes linked to the implementation of research, development and technological innovation projects, technological services and tests in the areas of: product design, energy and environment, materials, transformation processes, safety in vehicles, road safety, mobility, acoustics and vibrations and information technologies and industry 4.0 that are of interest to the industry in general and especially to the transport and energy sectors."
The CIDAUT Management will establish the risk evaluation criteria so that all scenarios that imply an unacceptable level of risk are treated appropriately.
As part of the ISMS, Management will develop, implement and keep updated a Business Continuity Plan according to the needs of the company and dimensioned to the risks that affect it.
The CIDAUT Management is committed to the implementation, maintenance and improvement of the ISMS, providing it with those means and resources that are necessary and urging all staff to assume this commitment. To this end, CIDAUT will implement the measures required for the training and awareness of personnel with information security. In turn, when workers fail to comply with safety policies, Management reserves the right to apply disciplinary measures in accordance with the application agreement and within the applicable legal framework, and according to the impact this has on the organization.
Everything defined in this policy will be specified and developed in regulations and procedures of the ISMS, which will be integrated to the extent possible with other management systems of the organization, sharing those resources in favor of optimization and seeking continuous improvement of the efficiency and effectiveness of process management.
Every user will have the obligation to report security incidents using the guidelines established by CIDAUT.
This policy will apply to all personnel and resources that are within the scope of the ISMS, it is brought to their attention and is communicated to all interested parties.
This website uses cookies so that we can offer you the best possible user experience. The information of the cookies is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.
The strictly necessary cookies must always be activated so that we can save your cookie settings preferences.
If you deactivate this cookie we will not be able to save your preferences. This means that every time you visit this website you will have to activate or deactivate cookies again.