Third Party Assurance and Contracts

To ensure that we adequately assess vendors that are storing sensitive information, Bentley implemented a Third Party Assurance Questionnaire. This Questionnaire must be filled out by all vendors storing Level 1 or Level 2information. The review process for the Questionnaire is as follows:

  •   Level 1 Data- The Third Party Assurance Questionnaire must be reviewed and approved by the COO, General Counsel, Director of Enterprise Infrastructure & Client Computing Services and the Chief Information Security Administrator.
  •    Level 2 Data- The Third Party Assurance Questionnaire must be reviewed and approved by the Director of Enterprise Infrastructure & Client Computing Services and the Chief Information Security Administrator.

Per Massachusetts general law, effective 3/1/2010, all new contracts with vendors storing Level 1 data must include standard contract language regarding the protection of confidential information. All existing contracts with vendors storing Level 1 data must be updated to include this contract langauge by 3/1/2012.  All contracts must be reviewed by Bentley's General Counsel. The standard language relative to protecting confidential information is below.