Supply Chain Information Security

As part of our commitment to safeguarding information and systems, JAC Products requires all suppliers to adhere to the following information and cyber security principles and controls:

Documented Information Security Policies

Suppliers must establish and maintain documented information security policies that ensure the confidentiality, integrity, and availability (CIA) of all data and systems relevant to our engagement.

Information and System Security Program

Suppliers must establish and maintain a comprehensive information and system security program designed to protect data and systems from:

Unauthorized access
Loss
Alteration
Misuse
Other unintended activities
Malicious threats

Risk Management Methodology and Assessments

Suppliers shall use a risk management methodology that includes regular risk assessments. This methodology must provide for the:

Identification of substantive risks and vulnerabilities
Proper treatment of identified risks and vulnerabilities
Thorough documentation of risks, vulnerabilities, and treatment plans that may impact JAC Products data.

Continuous Security Improvement

Suppliers are expected to continually improve their cyber and information security practices and capabilities to address evolving threats and vulnerabilities.

Non-Compliance and Remediation Process:

In the event that a supplier is unable to fully comply with any of the information and cyber security requirements outlined by JAC Products, a good-faith remediation plan will be collaboratively developed and documented to achieve conformance. This plan will be incorporated as part of the relevant cyber security standard within the supplier contract.

Incident Notification

As all companies are potential targets, working together to minimize the risk of cyber incursion is important. Threat actors are indiscriminate in their use of supply chains to access networks and therefore suppliers are expected to support us in preventing any malicious activity and immediately contact JAC Products using [email protected] if they identify anything that causes concern or suggests that anything untoward has occurred on their network.