At Mediaocean, we have implemented a Vendor Management policy to ensure that:
- Vendors have applied appropriate technical and organizational measures to protect any data, software or resources entrusted to them in accordance with contractual agreements and applicable laws, and
- We have applied any controls or security measures which the vendor has identified as necessary to protect the data, software or resources that have been entrusted to them.
This policy includes conducting risk assessments to identify security requirements to be met by the vendor, ensuring these requirements are covered in our agreement with the vendor, and obtaining confirmation at least annually that the security requirements continue to be met.
We have documented all the vendors who act as sub-processors and help Mediaocean to process client data, including personal data, in accordance with our clients’ instructions. We commit to giving clients at least 30 days’ notice if we plan to start using a new vendor in the delivery of our contracted services to EU clients. Please make sure you follow the Legal & Compliance > Mediaocean Information Security Controls section to receive email notifications of any changes.
Update: We updated the sub-processor list on November 4, 2020 to include the data centers which support our Scope application following Mediaocean's acquisition of 4C Insights.