1. Overview and Scope
This document sets forth [Insert Company]’s key policy requirements for managing suppliers and their sub-contractors. This policy is intended to define the risk framework used to manage supplier relationships, to provide direction, and to enforce standards and safeguards that enable [Insert Company] to assess, manage, and mitigate the various types of risk presented by supplier relationships. It rests on the understanding that [Insert Company] is ultimately responsible for all activities that a third party handles on its behalf.
This Supplier Risk Management Policy (Policy) defines our framework for managing supplier relationships. It describes our expectations for classifying our suppliers based on risk; establishes appropriate measures to mitigate risks; and outlines the processes and associated controls for selecting, risk ranking, contracting with, monitoring, and terminating relationships with our suppliers.
This policy and its supporting procedures are designed to provide [Insert Company] with a documented and formalized supplier risk management policy to manage vendor relationships throughout the supplier lifecycle.
This Policy applies to (i) employees who manage supplier relationships on the company’s behalf; and (ii) all third-party consultants, subcontractors, and vendors, including their employees, agents, and representatives (together, suppliers), that provide services to [Insert Company]. “Services” include applications, products, systems, infrastructure, networks, security measures, advisory services, personnel, financial products, insurance, and other offerings that support any part of [Insert Company]’s operations.
This policy applies to all suppliers that:
- Have access to sensitive or confidential data; and/or
- Are recurring vendors with a significant annual spend.