Supplier Management Policy

All your company policies and legal agreements in one platform

What is a Supplier Management Policy?

A Supplier Management Policy helps protect your organisation’s assets from outsourcing risk by implementing a sound supplier policy.

Why is a Supplier Management Policy important?

Institutions increasingly adopt third-party supplier services, in particular, technology solutions in order to access expertise and tap into cutting-edge technology, at an economically viable rate. This has changed the risk profile of companies, with greater risk now sitting with third parties. The objective of this policy is to ensure:

there is effective day-to-day management and oversight of suppliers by the management team
the risks associated with the outsourcing of critical or important functions are identified and controls are put in place to mitigate those risks
there are appropriate plans for the exit from outsourcing arrangements of critical or important functions, e.g. by migrating to another service provider

ISO 27001 Supplier Management Policy

InfoSec policies are part of the requirements of the ISO 27001 Certification standard. The Supplier Management policy is one of those ISO 27001 policies required, you can take a look at the full list here. If you need more information about Third Part Risk Management, you can find it here.

Supplier Management Policy Sections

The principles, responsibilities and processes applicable to outsourcing

An outsourcing register (a.k.a. supplier / vendor register)

Third-party due diligence and risk assessments

Outsourcing agreement requirements

Continuity of third-party services

Supplier Management Policy Related

Related terms: Third-Party Risk Management, TPRM, Vendor Risk Management Outsourcing Policy, Third-Party Risk Management Policy, Supplier relationships, supplier agreements.

Framework references: ISO 27001