At Mediaocean, we have implemented a Vendor Management policy to ensure that:
- Vendors have applied appropriate technical and organizational measures to protect any data, software or resources entrusted to them in accordance with contractual agreements and applicable laws, and
- We have applied any controls or security measures which the vendor has identified as necessary to protect the data, software or resources that have been entrusted to them.
This policy includes conducting risk assessments to identify security requirements to be met by the vendor, ensuring these requirements are covered in our agreement with the vendor, and obtaining confirmation at least annually that the security requirements continue to be met.
We have documented all the vendors who act as sub-processors and help Mediaocean to process client data, including personal data, in accordance with our clients’ instructions. We commit to giving clients at least 30 days’ notice if we plan to start using a new vendor in the delivery of our contracted services to EU clients. Please make sure you follow the Legal & Compliance > Mediaocean Information Security Controls section to receive email notifications of any changes.
Update: We updated the sub-processor list on 20 March 2020 to include Microsourcing. Microsourcing provides technical and application support to supplement our Customer Experience team. They provide technical and back-office services for all regions, especially for hours of coverage outside of our published Customer Experience business hours. They also provide some light application support for our APAC region.