DSAP Supplier Agreement Form Version 3.0
DSAP Supplier Agreement Form Version 3.0
DSAP Supplier Agreement Form Version 3.0
As a TDCX (PH) Inc Supplier, you are responsible in protecting TDCX data and its client/s.
As stated on the TDCX DSAP Policy (1-001), all suppliers are required to follow the commitment by the TDCX
Executive Committee in ensuring that all data shall have appropriate controls to preserve its confidentiality,
integrity, and availability.
TDCX (PH) Inc is committed in safeguarding and in ensuring privacy to all data that is being processed and/or
stored by the resources that TDCX has a legal and contractual requirement to. In line with this commitment, TDCX
created a Data Security and Privacy Management System (DSAPMS) that consists of policies which will be owned
and managed by the Business Compliance Manager of the Business Excellence Department which is co-led and
supported by the TDCX Executive Committee. The DSPMS has the pillars of governance, monitoring, evaluation,
and continuous improvement towards the current system to ensure that every data point preserves its
confidentiality, availability, integrity, and compliance to all regulations, legislations, and contractual
requirements.
Data Confidentiality
TDCX requires all suppliers to ensure that the data can be accessed by authorized personnel, entity, and/or parties
that is under the agreement with TDCX.
Data Availability
TDCX requires all suppliers to provide appropriate processes and controls to ensure that the data entrusted to all
suppliers is resilient to any threat; guaranteeing it is always available when it is required to be accessed based on
the scope of work.
Data Integrity
TDCX requires all suppliers to provide appropriate processes and controls to ensure that the data entrusted to all
suppliers can only be modified by the authorized person based on the scope of work.
People Security
Suppliers must ensure that the people/human resource who will provide services in handling TDCX data directly or
indirectly (visual and/or audible) shall undergo the following check/s:
Document version no. 3.0 Document control no. BEX/PE/F/1007 Classification Confidential
• Background Check – This is to ensure that the credentials declared shall be validated based on the
requirement of the agreement on scope of work. This is to ensure competence of the individual in handling the
TDCX data
• Police/ NBI Clearance – This is to ensure that the individual who can directly or indirectly access TDCX has
no criminal records
• Non-Disclosure Agreement (NDA) – This is to ensure that the Individual who can directly or indirectly access
TDCX data shall sign the NDA form that binds the individual as an unauthorized person who must not disclose
any TDCX data that one processes or comes across when on any given event.
• Security Awareness – The suppliers ensure that all resources shall undergo training before they access TDCX
data and shall have an annual refresher of the TDCX’s data security policies. The Data Security Awareness
materials will be shared by TDCX once requested.
Physical Security
Facilities where the TDCX data is being processed shall have appropriate controls to ensure that the TDCX
data being processed is protected from any visual or audible collection by unauthorized personnel who is not
part of the scope of work.
Logical Security
Technologies used shall have appropriate security protocols to ensure that the TDCX data is protected from
unauthorized access, modification, and/or deletion.
Right to Audit
TDCX has the right to audit the supplier to assess and ensure compliance to this TDCX Supplier DSAP
agreement and all existing agreement with TDCX.
Data Incident
All suppliers are required to report, without any exemptions or delays, any data incident of TDCX data within
twelve (12) hours from the time of discovery and provide a data incident report within the seventy two (72)
hours’ from the time of discovery. (Supplier is required to call AND email their TDCX point of contact and
shall email and/or call [email protected] +63 2 862 9566 ext. 89556.
End of Agreement
Suppliers shall delete all the TDCX data upon cessation of the agreement. All physical and digital copies of all
type of TDCX data shall be deleted in a method that cannot be recovered.
Deviation/ Exemption
Any request for exclusion from any segments terms of this agreement shall secure a written approval from
[email protected]
Document version no. 2.0 Document control no. BEX/PE/F/1007 Classification INTERNAL
_____________________________
Authorized Supplier Representative
_____________________________
Date
Document version no. 2.0 Document control no. BEX/PE/F/1007 Classification INTERNAL