1. Product Overview

VendorCheck Pro is a cloud-based vendor compliance management system designed for schools and organisations to manage third-party vendor documentation, monitor compliance status, and maintain clear audit records.

The platform enables schools to:

• Track vendor documents and expiry dates

• Manage approval workflows

• Identify non-compliant vendors

• Maintain audit-ready records

• Automate compliance reminders

VendorCheck Pro replaces manual spreadsheets and fragmented processes with a structured, secure system.

2. Security Overview

VendorCheck Pro is built using modern cloud infrastructure and follows industry-standard security practices.

Key security measures include:

• Secure HTTPS encryption for all data transmission

• Controlled access to all system data

• Role-based permissions

• Continuous system monitoring

• Secure document storage

The platform is designed to ensure data confidentiality, integrity, and availability.

3. Data Protection & Privacy

VendorCheck Pro operates under standard data protection principles.

• The school/organisation is the Data Controller

• VendorCheck Pro acts as the Data Processor

• Data is only used to deliver the service

• No customer data is sold or shared with third parties

The platform aligns with international data protection standards, including GDPR-style principles.

4. Access Control & Permissions

Access to VendorCheck Pro is strictly controlled using role-based permissions:

• System Administrator – platform-level management

• Organisation Administrator – manages vendor compliance within their organisation

• Vendor User – restricted access to upload and manage their own documents

Each user only has access to the data relevant to their role.

5. Data Isolation (Multi-Tenancy)

VendorCheck Pro ensures strict separation of data between organisations.

• Each organisation’s data is logically isolated

• Users can only access records belonging to their organisation

• Vendor users can only access their assigned vendor

This prevents cross-organisation data access.

6. Document Security

Vendor documents are securely managed within the platform.

• Documents are stored in secure cloud storage

• Access is restricted to authorised users

• Document versions are tracked

• Approval and rejection actions are logged

Sensitive documents are not publicly accessible.

7. Audit & Activity Logging

VendorCheck Pro maintains a full audit trail of system activity.

This includes:

• Document uploads

• Approval and rejection decisions

• Compliance status changes

• User actions within the platform

These logs support governance, inspections, and internal reviews.

8. Data Retention

Customer data is retained while the organisation maintains an active subscription.

Upon termination:

• Data can be exported upon request

• Data is securely deleted within 30 days unless otherwise agreed

9. Incident Response

VendorCheck Pro maintains procedures to manage and respond to security incidents.

In the event of a data-related issue:

• Affected customers will be notified

• The issue will be investigated promptly

• Appropriate corrective actions will be taken

Notification will be made in line with standard data protection expectations.

10. Subprocessors

VendorCheck Pro uses trusted third-party providers to deliver the service.

Category. Purpose

Cloud Infrastructure Application hosting

Email Provider System notifications

Domain/DNS Provider. Domain management

All providers are selected based on security and reliability standards.

11. Contact

For security, data protection, or compliance enquiries:

VendorCheck Pro
Email: support@vendorcheckpro.com
Website: www.vendorcheckpro.com www.vendorcheck.ae

VendorCheck Pro is designed to support schools in maintaining clear, auditable vendor compliance processes aligned with governance and safeguarding expectations.

Vendor Check Pro helps school groups manage vendor compliance with a strong focus on information security, access control, auditability, and data governance. Our internal security practices are being structured in alignment with ISO/IEC 27001:2022 information security management principles. Whilst we do not currently claim ISO certification it is firmly on our roadmap.