Information Security Group

Third Party Risk Management

Third-party risk management (TPRM) focuses on identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers). TPRM gives TechM an understanding of the third parties it uses, how it uses them, and what safeguarding controls those third parties have in place. This helps the business align its third parties with customer contractual and regulatory compliance requirements, if any.

Important Note: A mandatory prerequisite is to check whether subcontracting is allowed under the customer MSA.

Process

Security assessment for New supplier

Raise a request in ServiceNow at https://helpnxt.techmahindra.com (Service Catalog -> ISG -> Supplier).

ISG conducts an assessment through questionnaires, technical evaluations and privacy assessments, with the objective of ensuring that the supplier can adequately protect TechMahindra's and its clients' data in accordance with client contractual requirements, privacy laws and industry best practices.

Onboarding and contracting

After clearing the ISG assessment, the supplier is approved to provide services to TechMahindra and is onboarded by the Vendor Management/WPO team. As part of this process, the supplier enters into a commercial contract with TechMahindra, which covers an NDA, a data transfer agreement, client back-to-back requirements and TechMahindra's mandatory information and security requirements.

Ongoing Compliance and monitoring

The project manager is expected to be vigilant towards any breach of contract or security/privacy incidents and report them at https://isg.techmahindra.com/IMS/Default.aspx. For high-risk suppliers, ISG uses a third-party risk management scorecard to monitor the supplier's external environment for open vulnerabilities, compliance issues and potential threats.

Once these are identified, notification and remediation suggestions are provided to the PM to ensure that any necessary actions are taken swiftly to mitigate risks.

Supplier Termination

Supplier termination can occur after completion of the work or through failure to adhere to the terms outlined in the contract.

As part of the termination process, ISG ensures the safe deletion of TechMahindra or customer information in the possession of the supplier.

The PM needs to promptly inform the ISG TPRM team at ISGTPSRM@TechMahindra.com to ensure data deletion, access revocation and asset return.

For any queries, write to: ISGTPSRM@TechMahindra.com

Copyright © Tech Mahindra Limited. All Rights Reserved