Supply Chain Management, Transparency, and Accountability
As a customer, you have control and ownership over the quality of your data and
potential quality errors that might arise by using VMware Cloud services. VMware
controls access rights based on the principle of least privilege, which means
only the minimum level of access required is granted. Access is provided according to
individual job functions and requirements. Appropriate levels of management
authorize access rights to computers and information systems before the rights
are granted. Access management for information systems is implemented and controlled
through centralized identity stores and directories.
Internal audits are performed annually under
the VMware ISMS program. VMware uses internal and external audits to measure the
conformance and effectiveness of the controls applied to reduce risks associated with
information security, and to identify areas of improvement. Audits are essential to the
VMware continuous improvement program.
VMware has a comprehensive sourcing and
vendor risk management process to select providers that meet VMware requirements,
including security provisions. Supplier agreements ensure that providers are in
compliance with the applicable laws, security, and privacy obligations.
As a customer, you are responsible for using
the VMware solution in compliance with relevant laws and regulations. The VMware ISMS
process documents and tracks non-conformance, and also monitors supplier performance and
escalates issues if necessary. To ensure information security across your information
supply chain, VMware also conducts risk assessments annually to ensure that appropriate
controls exist to reduce the risk related to the confidentiality, integrity, and
availability of sensitive information.
The VMware audit and assessment program
performs reviews on subprocessing agreements. VMware monitors audit reports and
certifications to review risk management and governance processes, and the effectiveness of
applicable controls.
VMware has made its Service Level Agreement
(SLA), Terms of Service, Data Processing Addendums, and Privacy notices publicly
available at vmware.com/download/eula.