SURF Vendor Compliance

Together we ensure the best privacy and security terms for education and research

What is Vendor Compliance?

When personal data is breached, institutions face the risk of fines, reputational damage and liability claims. It is therefore necessary to check with suppliers how they process your data. Clear agreements must be made about this. Institutions often perform this compliance work individually: the same work for the same applications while expertise is scarce and expensive. To support institutions in these processes and take work off their hands, SURF Vendor Compliance carries out various compliance processes each year. Each year an average of eight projects are picked up. We determine which projects these are together with the members.

View all compliance assessments

Zoom

Read all about the privacy agreements for all Zoom Education and Enterprise users in Europe.

Updated on: 03 June 2024

Microsoft

Read all about the compliance tracks on Microsoft

Updated on: 18 December 2024

Google Workspace in education

All about contractual, organizational and technical measures related to the use of Google Workspace by educational institutions in the Netherlands.

Updated on: 27 June 2024

SURF provides (in collaboration with partners):

The conducting risk analyses (including DPIAs and DTIAs);
performing security and compliance checks, including data transfers outside the EEA, with legal and technical investigations;
establishing, delivering and applying review frameworks against which suppliers are reviewed;
making agreements with suppliers, such as processor agreements, that mitigate privacy risks and agree on security measures;
providing information and support on how institutions can use the assessed applications/(cloud) software as securely as possible;
monitoring suppliers' compliance with agreements made.

What are the benefits of Vendor Compliance?

✔︎ Acting together

By taking up assessments together, we have a strong negotiating position towards suppliers; we speak on behalf of the entire research and education sector.

✔︎ Combining expertise

By pooling expertise, institutions individually save costs and time.

✔︎ Support and choice

Institutions get the building blocks they need to make their own trade-offs for the secure use of assessed applications/(cloud) software.

View the latest posts

Google Workspace can be safely used in education

So reports the Ministry of Education, Culture and Science (OCW) based on research by SURF and SIVON to the House of Representatives today. In recent years, SURF and SIVON investigated...

Updated on: 27 June 2024

Google Workspace for Education

Zoom’s efforts to fulfill the agreements made with SURF to deliver an even more secure digital environment to its education customers in Europe.

We are proud to announce that Zoom has reached the next milestone for enterprise and education customers in the Netherlands and all of the EEA: The long-standing close partnership with SURF...

Updated on: 03 June 2024

Zoom

SURF, SIVON and Google reach agreement Terms of Service Google Chrome

In May 2023, SURF and SIVON reached an agreement with Google on the new Terms of Service (ToS) for the use of Chrome OS and Chrome browser for Chromebooks. After...

Updated on: 30 May 2024

Google Workspace for Education

Do you have a question or want to communicate your desire about a compliance assessment

By talking to suppliers and staying in dialogue, we agree on the best privacy and security conditions for research and education.

If you have a question about a compliance program, please contact us or send us your requirements via the button below.

Pass on your wishes