One of the objectives that VASAVA sets itself as a daily challenge is the continuous improvement of its ability to provide better service and attention to its clients.
In order to achieve this objective, VASAVA has implemented an internal Management System based on the UNE-EN-ISO 27001:2022 standard.
One of the requirements established by the Management System is the need to evaluate and select supplier, maintenance, and subcontractor companies based on their ability to meet the commitments established with VASAVA.
In accordance with the above, we hereby inform you of our system for the continuous evaluation and approval of supplier companies, as well as the general requirements and those applicable to the provision of your service:
Initial Evaluation of Supplier, Maintenance, and Subcontractor Companies.
Certification / Accreditation:
Supplier companies whose products or Management Systems are certified by an accredited certification body will be positively assessed. Likewise, supplier companies are evaluated based on the accreditations/qualifications they hold that authorize them to carry out their work.
Trial Period:
This applies to new supplier companies, for which up to three trial orders will be placed. After these, their performance will be analyzed and their suitability to become supplier companies for VASAVA will be determined. Once the trial period has been successfully completed, they will be classified as historical suppliers.
Strategic:
Supplier companies with which the organization strategically maintains relationships related to operations, image, positioning, etc.
Competence:
This will be carried out especially for subcontracted personnel and companies that meet the requirements demanded by VASAVA in relation to competencies, experience, and any other specific requirement.
Exclusivity:
Supplier companies that are the sole providers of a given service or product. There are no alternative suppliers.
Historical:
Supplier companies that have collaborated with VASAVA for at least two years, providing reliability and consolidating the quality of their services and their commitment to information security.
Agility:
Supplier companies are evaluated based on their responsiveness and speed in providing the service or supplying the required product.
Continuous Evaluation of Supplier, Maintenance, and Subcontractor Companies.
Following the initial evaluation, VASAVA carries out an annual re-evaluation of its supplier companies based on incidents and non-conformities associated with each supplier/subcontractor.
Likewise, in compliance with the requirements of the reference standards and as a supplier, maintenance company, or subcontractor of our organization, we inform you of the minimum requirements applicable to the provision of your service.
General Requirements for Service Provision.
• The supplier company undertakes to guarantee compliance with what is requested in the purchase order or external work order.
• At all times, the supplier company is obliged to comply with the legislation applicable to the service being provided (authorizations or registrations as an authorized entity, technical inspections, etc.).
• The supplier company must apply the necessary preventive measures to avoid hazardous or emergency situations during the execution of the assigned work and must train and inform its personnel about the work to be carried out.
• The supplier company must comply with the internal procedures that have been communicated to it regarding the company’s Management System.
• If any risk or emergency situation is detected, it must be immediately reported to any company employee or to the person who assisted them. For this purpose, the following email address has been enabled: seguridad@vasava.es
Requirements to Be Evidenced.
• Subcontractors: Prior to the start of the service to be provided, the person responsible for the System within our company will indicate the documentation to be submitted or updated, depending on the work to be carried out.
• Supply supplier companies: Product technical data sheets, CE marking of the product, warranty certificate, and certification according to UNE-EN-ISO 9001:2015 or other applicable standards, where appropriate.
• Hardware and maintenance supplier companies: Information on company backups, risk information for the company, and certification according to UNE-EN-ISO 27001 or other applicable standards, where appropriate.
• Other types of supplier companies (external prevention services, accounting firms, and consultancy firms, among others): Provide evidence such as NDAs, personal data processing agreements as applicable to their activity, and certification according to UNE-EN-ISO 27001 or other applicable standards, where appropriate.