TDK Electronics · TDK Europe

Supplier Security Principles

Cybersecurity is a top priority for TDK.

We implement comprehensive measures to ensure and continuously improve an appropriate level of protection for confidential information and data. 

To ensure the availability, confidentiality, and integrity of TDK processes and information, and to comply with legal obligations, TDK places great importance on maintaining an appropriate level of security among its suppliers.

In addition, we align with our customers’ expectations, which increasingly demand a high level of information security throughout the entire supply chain. This means that our partners must comply not only with legal requirements but also with industry-specific standards such as ISO 27001 or TISAX. A robust security level is essential to minimize risks, build trust, and maintain competitiveness in an increasingly digitalized environment.


“The security of our supply chain is a key component of our cybersecurity strategy. In a connected world, it is not enough to protect only our own organization – we must ensure that all partners meet the same high standards. TISAX and comparable industry standards are essential for us to build trust, minimize risks, and strengthen the resilience of our entire value chain.”

Thomas Zeulner, CISO, TDK Electronics AG



Cybersecurity Requirements

To ensure the availability, confidentiality, and integrity of TDK processes and information, as well as to comply with legal obligations, TDK places great importance on maintaining an appropriate level of security among its suppliers.

The requirements outlined here apply to all suppliers and supplied items and are intended to guarantee a fundamental minimum level of cybersecurity.

In cases where TDK faces an increased risk, individual cybersecurity requirements may be defined and agreed upon, extending or specifying the minimum requirements described in this document.

Requirements for All Suppliers

1. General Provisions

(a) When engaging external personnel or subcontractors, the supplier must ensure that all obligations outlined in this document are equally observed by these external parties.
(b) If compliance with the cybersecurity requirements requires support or contributions from TDK, the supplier is obligated to specify these requirements explicitly and in writing.
(c) Other contractual agreements between TDK and the supplier remain unaffected by these provisions.

2. General Cybersecurity Requirements for Suppliers

Technical Requirements

  • Use up-to-date hardware and software, ensuring regular updates and patches.
  • Implement recognized, industry-standard security solutions such as firewalls and antivirus software to prevent malware attacks.
  • Utilize secure connections for file transfers, with transport encryption of at least TLS 1.2.

Organizational Requirements

  • Apply a role-based access control concept to ensure that provided information is accessible only to authorized personnel.
  • Report any identified security vulnerabilities to TDK without delay.
  • Use strong, secure passwords to protect internal IT systems.
  • Operate an access control system for physical premises.
  • Implement additional security measures as required by TDK.
  • The contracting partner shall grant access at any time to all information collected and stored under the contract.
  • The contracting partner undertakes to conduct regular information security awareness training in the relevant work areas.

 

3. Collaboration Rules with TDK Regarding Cybersecurity

(a) Incident Notification
The supplier is required to inform TDK without undue delay if a cybersecurity incident becomes known that has enabled or could enable unauthorized access to TDK information, or that has had or could have a negative impact on the supplier’s ability to deliver agreed products or services (hereinafter referred to as “Cybersecurity Incident”).

(b) Actions in Case of Incidents
For incidents involving TDK information, the supplier will:

  • Take appropriate and reasonable measures without delay to minimize potential damage to TDK
  • Document all actions taken during the incident in a traceable manner and provide this documentation to TDK upon request
  • Coordinate any public disclosure of information regarding the incident with TDK
  • Immediately notify TDK of any inquiries from authorities regarding disclosure or transmission of information and agree on further steps with TDK
  • Conduct a thorough root cause analysis, define and implement preventive measures to avoid similar cases, and keep TDK informed about the action plan and its progress until full implementation

(c) Requests from Authorities
If the supplier is requested by authorities to disclose TDK information without TDK’s consent, the supplier will exhaust all legal options to prevent disclosure and inform TDK immediately, provided this is legally permissible.

(d) Access to TDK Systems and On-Site Activities
If the supplier works with TDK systems or performs activities on TDK premises, the supplier commits to requesting and complying with the applicable TDK cybersecurity policies.

(e) Return of Assets and Information
Upon TDK’s request, and no later than upon termination of the supply relationship, the supplier must promptly return all assets provided by TDK for the fulfilment of the agreement. If the supplier still has access to TDK systems related to service delivery, such access must be terminated immediately, and TDK must be informed. Furthermore, the supplier is obligated to return all developed information, software, and agreed documentation upon request or at the latest upon termination of the supply relationship.

Report an Incident

The supplier is required to inform TDK without undue delay if a cybersecurity incident becomes known that has enabled or could enable unauthorized access to TDK information, or that has had or could have a negative impact on the supplier’s ability to deliver agreed products or services (hereinafter referred to as “Cybersecurity Incident”).

Please contact us by email at TEG-Cybersecurity-supplier@tdk.com or by telephone at +49 89 54020-0.

Please provide the following details regarding the incident:

  • Brief description of the incident: Summarize what happened in a few sentences (e.g., type of issue, how it was detected, and its impact).
  • Countries affected: Indicate which geographic regions or countries are impacted by the incident.
  • Nature of the incident: Specify whether this is a data breach (unauthorized access or disclosure of data) or a cyberattack (malicious activity targeting systems, networks, or services).
  • Detailed contact information: Include the name, position, phone number, and email address of the responsible contact person for further communication.