The data handling and protection standards of VMware guide employees regarding appropriate labeling and handling of data for each classification level. Handling procedures include the classification, processing, storage, transmission, and destruction of data.
The Risk Management process defines controls that are implemented to mitigate the data security risks, which include:
- Use of separation of duties
- Role-based access control and least-privilege access for all personnel in the supply chain
- Accounting of supply-chain partner data quality errors
- Associated risks and appropriate corrective action policies
