Information security in onboarding process
This section outlines how information security is evaluated during the One Supplier Onboarding process to ensure that you can meet Pandora’s security requirements.
When you participate in the One Supplier Onboarding (OSO) process at Pandora, a security assessment will be performed to identify potential security risks.
This will occur if:
- Your company has access to Pandora's personal or business data, or
- Your company is connected to our systems or network.
If any of the above conditions are satisfied, your company must complete a cyber security assessment process, enabling us to assess your security posture and the controls you have in place.
WHAT IS GOING TO HAPPEN?
- As part of the OSO process at Pandora, you will be required to provide information via questionnaires. The initial questionnaire is designed to gather general information to determine if a security assessment is required. If this is the case, Pandora’s Vendor Risk Management (VRM) team will contact you.
- After you provide the necessary contact information, the VRM team will initiate the cyber security questionnaire and assign it to the designated respondent. This questionnaire consists of short questions and can be answered with a single click. It is provided at no cost and allows for the upload of pertinent documentation.
- After this form is completed and submitted, the VRM team will analyze the content and determine the security level: low, medium, or high. Only medium (above a certain threshold) and high are acceptable.
- Based on your security posture level, your company may continue through the process or may have to implement mitigation actions. If risk mitigation actions are necessary, the VRM team will engage with you to align on the path forward. The onboarding process then continues or, in the case of an unacceptable security level, risk mitigation is discussed.