Third Party Assessment (Vendor Assessment)

What is it?
The Third Party Assessment, managed by the SIP Office, is Syensqo’s process for evaluating and managing cybersecurity risks associated with IT vendors and partners. This ensures that all external collaborations meet our security and compliance standards.

Why is it important?

• Protects Syensqo’s data and systems from external threats
• Ensures compliance with legal, regulatory, and contractual requirements
• Supports secure and resilient business operations

When is it required?

• Before signing any IT contract with a new vendor
• During contract renewal or termination
• When there are significant changes in the service or vendor relationship

How does it work?

1. Contact: Project teams reach out to the SIP Office to initiate the assessment.
2. Information Collection:
   • Project team completes the Inherent Risk Questionnaire (IRQ)
   • Vendor completes the CyberSecurity Requirements Questionnaire (CSRQ)
3. Analysis: SIP analysts review the information, conduct a security analysis, and may request clarifications.
4. Reporting: The SIP Office provides a Security Annex, which must be attached to the contract before signature.

Key Responsibilities:

• Project/IT Contract Owner: Initiates the process, completes required questionnaires, and ensures the Security Annex is attached to the contract.
• Vendor: Completes the CSRQ and provides supporting evidence.
• SIP Office: Guides the process, analyzes risks, and delivers the Security Annex.

Contact:
For questions or to start an assessment, email: sip-office@syensqo.com