Vasava

Communication of criteria and requirements to supplier, maintenance provider, and subcontractor companies

One of the objectives that VASAVA pursues as a daily challenge is the continuous improvement of its ability to provide better service and support to its clients.
To achieve this objective, VASAVA has implemented an internal Management System based on the UNE-EN-ISO 9001:2015 standard, integrated with the UNE-EN-ISO 27001:2022 standard.

One of the requirements established by the Management System is the need to evaluate and select suppliers, maintenance providers, and subcontractors according to their ability to comply with the commitments established with VASAVA.

In accordance with the above, we hereby inform you of our continuous evaluation and approval system for suppliers, maintenance providers, and subcontractors, as well as the general requirements and those applicable to the provision of your services.

Initial evaluation of suppliers, maintenance providers, and subcontractors.

• Certification / Accreditation: Suppliers whose products or Management Systems are certified by an accredited certification body will be positively evaluated. Suppliers are also evaluated based on the accreditations/qualifications they hold that authorize them to carry out their activities.

• Trial Basis: Applied to new suppliers, to whom a trial order will be issued. Once completed, their suitability to become suppliers of VASAVA will be assessed. After the trial period, they will become historical suppliers.

• Strategic Suppliers: Suppliers with whom the organization maintains strategic relationships in terms of operations, image, positioning, etc.

• Competence: Especially applicable to personnel and subcontracted companies that meet the requirements established by VASAVA regarding competencies, experience, and any other specific requirements.

• Exclusivity: Suppliers that are the sole providers of a particular service or product, with no available alternatives.

• Historical Suppliers: Suppliers that have collaborated with VASAVA for at least two years, thereby demonstrating reliability, consistent service quality, and commitment to information security.

• Agility: Suppliers are evaluated based on their responsiveness and efficiency in delivering the required service or product.

Continuous evaluation of suppliers, maintenance providers and subcontractors.

Following the initial evaluation, VASAVA carries out an annual re-evaluation of its suppliers based on incidents and non-conformities associated with each supplier/subcontractor.

Likewise, in compliance with the requirements established by the reference standards, we hereby inform you, as a supplier, maintenance provider, or subcontractor of our company, of the minimum requirements applicable to the provision of your services.

General requirements for service provision.

• The supplier undertakes to guarantee compliance with the requirements specified in the purchase order or external work order.

• At all times, the supplier must comply with all legislation applicable to the service being provided (authorizations or registrations as an authorized entity, technical inspections, etc.).

• The supplier must implement the necessary preventive measures to avoid dangerous or emergency situations during the execution of the assigned work and must train and inform its personnel regarding the work to be carried out.

• The supplier must comply with any internal procedures communicated regarding the company’s Management System.

• If any risk or emergency situation is detected, it must be immediately reported to any company representative or to the person responsible for the service. For this purpose, the following email address has been enabled: seguridad@vasava.es

Requirements to be evidenced.

• Subcontractors: Prior to the start of the service, the person responsible for the Integrated Management System (IMS) of our company will indicate the documentation that must be submitted or updated according to the work to be carried out.

• Supply Suppliers: Product technical datasheets, CE marking, warranty certificates, and certification according to UNE-EN-ISO 9001 or other applicable standards, where appropriate.

• Hardware and Maintenance Suppliers: Information regarding company backups, risk information relevant to the company, and certification according to UNE-EN-ISO 27001 or other applicable standards, where appropriate.

• Cloud Service Providers: Security controls included in contracts or agreements, roles and responsibilities related to the cloud service provided, notification of service changes before production deployment, information regarding possible threats or security incidents affecting the cloud service, and service availability during migrations.

• Other Types of Suppliers (occupational risk prevention services, accounting firms, consultancy firms, among others): Evidence relevant to their activity, such as the items mentioned above, and certification according to UNE-EN-ISO 9001 or 27001, where applicable.