Cyber Security Policy Manual

S UPPLIER R ISK M ANAGEMENT P OLICY

P URPOSE The purpose of this policy is to ensure that City of Greensboro’s engagements with suppliers, contractors and consultants have acceptable levels of risk to the confidentiality, availability and integrity of the City’s systems and information.

S COPE This policy applies to:

1) All City of Greensboro suppliers 2) All City of Greensboro contractors and consultants

D EFINITIONS Confidential Information

The type of information that if lost or stolen could severely impact the City of Greensboro and its residents. Examples include personal health information, bank account numbers, passwords, personally identifiable information and credit card information Any data or combination of data that can be used to uniquely identify, contact, or locate the individual to whom such information pertains Any individually identifiable information which relates to the past, present, or future physical or mental health or condition of an individual or the provision of health care to an individual

Personally Identifiable Information (PII)

Protected Health Information (PHI)

R OLES AND RESPONSIBILITIES Function

Responsibility

Cyber Security Team

Conduct audits and security reviews of suppliers to identify risks and ensure compliance to requirements

Cyber Security Analyst Suppliers, Contractors and Consultants

Assist in supplier risk assessment activities

Adhere to all rules and guidelines defined in this policy

Cyber Security Policy Manual

28