1. Overview and Scope

1.1 Overview

This document sets forth [Insert Company]’s key policy requirements related to the management of suppliers and their sub-contractors.  It is the intent of this policy to define the risk framework to be utilized for managing supplier relationships, to provide direction, and to enforce standards and safeguards to enable [Insert Company] to assess, manage, and mitigate the various types of risks presented by the supplier relationship with the understanding that [Insert Company] is ultimately responsible for all activities that are handled by a third party on behalf of [Insert Company].

This Supplier Risk Management Policy (Policy) defines our framework for managing supplier relationships. It describes our expectations for classifying our suppliers based on risk; establishes appropriate measures to mitigate risks; and outlines the processes and associated controls for selecting, risk ranking, contracting with, monitoring, and terminating relationships with our suppliers.

1.2 Purpose

This policy and its supporting procedures are designed to provide [Insert Company] with a documented and formalized supplier risk management policy to manage vendor relationships throughout the supplier lifecycle.

1.3 Scope

This Policy applies to (i) employees who manage supplier relationships on the company’s behalf; and (ii) all third-party consultants, subcontractors, and vendors, including their employees, agents, and representatives (together, suppliers), that provide services to [Insert Company]. “Services” include applications, products, systems, infrastructure, networks, security measures, advisory services, personnel, financial products, insurance, and other offerings that support any part of [Insert Company]’s operations.

This policy applies to all supplier relationships who:

  • Have access to sensitive or confidential data and/or,
  • Recurring vendors with a significant annual spend.


Click the Access the Template button to receive an editable template.

Access the Template