

Doug’s accountabilities
As a Service Owner, Doug is required to undertake a number of due diligence activities when engaging third party suppliers, as per the:
- Supplier Governance Framework.
- Sourcing Process.
- Supplier Risk Management, Outsourcing and Offshoring Policy and Standards.
Examples of some of these responsibilities include:
- Ensuring that security is considered right from the start of a supplier engagement.
- Completing all applicable risk assessments (e.g. Privacy Impact Assessment, Supplier Security Assessment, Technology Risk Assessment, etc).
- Maintaining situational awareness and being alert to data breaches or changes impacting his suppliers, and notifying DPG and his Line 1 Risk team of these as appropriate.
- Enforcing conditions as per commercial contracts.
- Calling-out and raising issues of non-compliance.