1.0 Purpose
The purpose of this policy is to establish precise guidelines for handling vendor management and information security questionnaire requests, ensuring that Cardtapp's resources are allocated effectively, focusing on significant corporate customer relationships and compliance with security standards.
2.0 Scope
This policy is applicable to all vendor management and information security questionnaire requests received by Cardtapp from its customers.
3.0 Policy Conditions
3.1 Eligibility Criteria for Support
3.1.1 Cardtapp will support vendor management questionnaires exclusively for customers who have an active Cardtapp Enterprise Customer Agreement.
AND
3.1.2 The Enterprise Agreement must be centrally paid by the customer requesting the vendor and compliance documentation.
AND
3.1.3 The account must have a total number of users exceeding 50 licenses and/or an annual billing amount greater than $10,000.00. This criterion is set to ensure that the company's efforts are focused on substantial, enterprise-level accounts.
3.2 Objective Alignment
3.2.1 This policy is designed to ensure that Cardtapp’s compliance and security efforts are directed towards significant, corporate-governed accounts, thereby optimizing resource allocation.
3.2.2 Strengthen Cardtapp's engagement and connections with its most valuable corporate customers, fostering long-term business relationships.
3.3 Procedure for Handling Requests
3.3.1 The compliance and vendor management team will:
3.3.1.1 Verify the requester’s eligibility based on the revised criteria.
3.3.1.2 Politely decline requests from ineligible customers, offering alternative support where possible.
3.3.1.3 For eligible requests, undertake a thorough review process.
3.3.2 The completion and submission of the questionnaire will be conducted with attention to detail and adherence to compliance standards.
3.4 Documentation and Record-Keeping
3.4.1 Comprehensive records of all questionnaire requests, processes, and submissions will be maintained. This will include requester details, the nature of the questionnaire, completion, and submission dates.
3.5 Review and Update
3.5.1 This policy will be periodically reviewed and updated to ensure its relevance and effectiveness in line with regulatory changes and business dynamics. Stakeholders will be informed of any significant amendments.
3.6 Responsibilities
3.6.1 The compliance and vendor management team is tasked with implementing this policy, managing the review and completion process for eligible questionnaires.
3.6.2 The sales and customer service teams are responsible for communicating this policy to customers and handling related inquiries.
3.7 Collaboration with Customer
3.7.1 For documentation required by Customer, the Customer will be responsible for providing the necessary documents for review. Cardtapp will ensure that these documents are processed efficiently and in a timely manner. Typically, the review process is 30-60 days but will depend on current volume of pending requests.
4.0 Conclusion
With these criteria, Cardtapp's policy on vendor management and information security questionnaires is more targeted, ensuring resources are dedicated to enterprise-level customers who meet specific thresholds in terms of agreement, payment, and size. This strategic approach allows for better alignment with corporate customers, enhancing service quality, and maintaining robust compliance and security standards.