At Mediaocean, we have implemented a Vendor Management policy to ensure that:
- Vendors have implemented appropriate technical and organizational measures to ensure the protection of any data, software or resources entrusted to them in accordance with contractual agreements and applicable laws, and
- We have implemented any controls or security measures which the vendor has identified as being necessary to ensure the continuing protection of the data, software or resources that have been entrusted to them.
This policy includes conducting risk assessments to identify security requirements to be met by the vendor, ensuring these requirements are covered in our agreement with the vendor, and obtaining confirmation on an at least annual basis that the security requirements continue to be met.
We have documented all the vendors who act as sub-processors and help Mediaocean to process client data, including personal data, in accordance with our clients’ instructions. We commit to giving clients at least 30 days’ notice if we plan to start using a new vendor in the delivery of our contracted services to EU clients. Please make sure you follow the Technical > General Requirements: Information security & vendor management section to receive email notifications of any changes.
Update: We updated the sub-processor list on 13 August 2019. The only change is that Abbot Datastore has been removed, as data is no longer held there; all backups are now retained by the US storage providers already listed. No new providers have been added.