VENDOR CYBER RISK MANAGEMENT

SELECT YOUR PREFERRED LANGUAGE:

Simplified Chinese - 简体中文
Traditional Chinese - 繁体中文
Czech - český
English
French - Français
German - Deutsch
Italian - Italiano
Japanese - 日本語
Polish - Polski
Portugese
Portuguese (Brazil) - Português
Spanish - Español
Russian - Pусский
Turkish - Türkçe
Vietnamese - Tiếng Việt

Mondelēz International leverages information technology and third-party service providers to support our global business processes and activities.

Manufacturing and distribution

Communicating with our suppliers, customers and employees

Maintaining effective accounting processes and financial and disclosure controls

Meeting regulatory, legal and tax requirements

Conducting research and development activities

Executing mergers and acquisitions and other corporate transactions

Executing various digital marketing and consumer promotion activities

A cyber security breach of our third-party systems, whether from circumvention of security systems, denial-of-service attacks or other cyberattacks such as hacking, phishing attacks, computer viruses, ransomware or malware, employee or insider error, malfeasance, social engineering, physical breaches or other actions, may cause confidential information belonging to us, our customers, consumers, partners, suppliers, or governmental or regulatory authorities to be misused or breached.

Reporting cyber security issues: If you have a cyber security incident to report, please contact your primary contact at Mondelēz International and also send an email to cybersecurity@mdlz.com

Report a Cyber security incident

Vendor Cyber Risk Management

The Mondelēz International Vendor Cyber Risk program supports the planning, automation and management of cyber risk with enrolled suppliers and other third parties. It leverages the Mondelēz International Vendor Cyber Risk portal to store security assessments for existing suppliers and support new suppliers to be assessed, evaluated and classified based on risk profiles.

Mondelēz International’s Security Risk Management organization, with support from business owners and procurement specialists, will be responsible for registering and initiating enrollment in the Vendor Risk Management process.

Mondelēz International has launched a central secure repository for third parties including key vendor contacts and service offerings/engagements. We have the ability to conduct cyber risk assessments using automated questionnaires comprised of tailored content with a refresh frequency for each supplier. The secure repository provides an external facing portal that centralizes all interactions and communications with suppliers. Any cyber security issues and associated remediations are tracked via workflows that enable issue identification, findings review, solution design and remediation plan alignment with suppliers to facilitate closure. This critical functionality allows for unprecedented collaboration with our suppliers in addition to risk reduction for both organizations.

Contractual requirements

The Cyber Security and Operations Expectations Manual (CSE) is included in our contract template used to establish a contractual relationship between Mondelēz International and a supplier. Mondelēz International procures a wide range of goods and services and utilizes the CSE globally, so there are conditional sections as specified within contractual agreements. Additional data privacy requirements may also apply where personal data is processed. We also expect our suppliers and partners to abide by our Cyber Security and Operations Expectations Manual.

SUPPLIER INFORMATION CENTER

Please visit our Supplier Information Center for more information on how to conduct business with Mondelēz International.

To learn more about Mondelēz International Supplier Programs click here