Page 1

Supplier Management Policy

ISO/IEC 20000 Toolkit Version 9 ©CertiKit


Supplier Management Policy

Implementation Guidance (The header page and this section must be removed from final version of the document)

Purpose of this document This document sets out the organization’s policy with respect to supplier management.

Areas of the standard addressed The following areas of the ISO/IEC 20000:2018 standard are addressed by this document: 8.3.4 Supplier management

General Guidance The effective management of suppliers is key to delivering on SLAs where a significant part of the service is outsourced or dependent upon supplier performance.

Review Frequency We would recommend that this document is reviewed annually.

Toolkit Version Number ISO/IEC 20000 Toolkit Version 9 ©CertiKit.

Document Fields This document may contain fields which need to be updated with your own information, including a field for Organization Name that is linked to the custom document property “Organization Name”. To update this field (and any others that may exist in this document): 1. Update the custom document property “Organization Name” by clicking File > Info > Properties > Advanced Properties > Custom > Organization Name 2. Press Ctrl a on the keyboard to select all text in the document (or use Select, Select All on the ribbon) 3. Press F9 on the keyboard to update all fields 4. When prompted, choose the option to just update TOC page numbers

Version 1

Page 2 of 10

[Insert date]


Supplier Management Policy

If you wish to permanently convert the fields in this document to text i.e. so that they are no longer updateable, then you will need to click into each occurrence of the field and press Ctrl Shift F9. If you would like to make all fields in the document visible, then go to File > Options > Advanced > Show document content > Field shading and set this to “Always�. This can be useful to check that you have updated all fields correctly. Further detail on the above procedure can be found in the Toolkit Completion Instructions.

Copyright notice Except for any third party works included in this document, as identified in this document, this document has been authored by CertiKit, and is Š copyright CertiKit except as stated below. CertiKit is a company registered in England and Wales with company number 6432088.

Licence terms This document is licensed on and subject to the standard licence terms of CertiKit, available on request, or by download from our website. All other rights are reserved. Unless you have purchased this product you only have an evaluation licence. If this product was purchased, a full licence is granted to the person identified as the licensee in the relevant purchase order. The standard licence terms include special terms relating to any third-party copyright included in this document.

Disclaimer Please Note: Your use of and reliance on this document template is at your sole risk. Document templates are intended to be used as a starting point only from which you will create your own document and to which you will apply all reasonable quality checks before use. Therefore, please note that it is your responsibility to ensure that the content of any document you create that is based on our templates is correct and appropriate for your needs and complies with relevant laws in your country. You should take all reasonable and proper legal and other professional advice before using this document. CertiKit makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of our document templates, assumes no duty of care to any person with respect its document templates or their contents, and expressly excludes and disclaims liability for any cost, expense, loss or damage suffered or incurred in reliance on our document

Version 1

Page 3 of 10

[Insert date]


Supplier Management Policy

templates, or in expectation of our document templates meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.

Version 1

Page 4 of 10

[Insert date]


Supplier Management Policy

[Replace with your logo]

Supplier Management Policy

Document Ref. Version: Dated: Document Author: Document Owner:

Version 1

Page 5 of 10

SMS-DOC-083-12 1 [Insert date]

[Insert date]


Supplier Management Policy

Revision History Version Date

Revision Author

Summary of Changes

Distribution Name

Title

Approval Name

Version 1

Position

Signature

Page 6 of 10

Date

[Insert date]


Supplier Management Policy

Contents 1

INTRODUCTION ....................................................................................................................................... 8 1.1 1.2 1.3 1.4 1.5

2

PURPOSE ................................................................................................................................................... 8 SCOPE ....................................................................................................................................................... 8 GOVERNANCE AND REVIEW ...................................................................................................................... 8 POLICY COMPLIANCE ................................................................................................................................ 8 RELATED DOCUMENTS.............................................................................................................................. 9

POLICY STATEMENTS ......................................................................................................................... 10

Version 1

Page 7 of 10

[Insert date]


Supplier Management Policy

1 Introduction 1.1

Purpose

The purpose of this policy document is to set out the approach that will be taken to the management of third party suppliers in support of the delivery of IT services to the customer. This policy will inform and shape the processes, procedures, organizational structure and resourcing that are applied in support of establishing and maintaining effective communication and liaison between the parties involved. 1.2

Scope

The scope of this policy is defined according to the following parameters: • • • •

Organizational o [List organizations and parts of those organizations covered] Geographical o [List locations within scope] Services o [Define the services covered by the policy] Technical o [If necessary, summarize the technology covered by this policy]

This policy covers all services defined in the service catalogue. The following areas are specifically excluded from this policy: [Describe any areas that need to be clearly stated as outside the scope]

1.3

Governance and Review

This policy has been defined by the Chief Information Officer with input from stakeholders and approved by the IT Steering Group. It will be reviewed on an annual basis and any amendments will be ratified by the IT Steering Group prior to publication. 1.4

Policy Compliance

Whilst success against some aspects of this policy will depend upon the resources, systems and processes put in place by management, compliance with this policy is largely mandatory for all employees of [Organization Name]. Where appropriate and at management discretion, instances of non-compliance may be subject to formal disciplinary action in accordance with organizational HR procedures.

Version 1

Page 8 of 10

[Insert date]


Supplier Management Policy

1.5

Related Documents

The following documents are relevant to this policy and should be read in conjunction with it: •

Supplier Management Process

Version 1

Page 9 of 10

[Insert date]


Supplier Management Policy

Policy Statements

2

[Organization Name] policy with respect to supplier management is as follows: •

Where possible, a written contract shall exist between all parties involved and [Organization Name] will hold a hardcopy original signed by all parties which will also be scanned and held electronically

The contract will include as a minimum: a. The scope of the services, service components, processes or parts of processes to be provided or operated b. Requirements to be fulfilled by the supplier c. Service level targets d. Authorities and responsibilities of [Organization Name] and the supplier

The roles of and relationships between lead and sub-contracted suppliers will be documented.

Regular formal communication will be made with suppliers on a frequency dependent upon the amount of business conducted with the supplier and the importance of the goods or services to [Organization Name]

Any changes to the scope or terms of existing contracts will be managed and documented fully via the change management process

Hardcopy contracts will be stored within [Service Provider]

Interfaces with the external supplier must be defined and managed

The performance of the external supplier must be monitored

Contracts must be reviewed against current service requirements at planned intervals

Contract disputes must be recorded and managed to closure

Version 1

Page 10 of 10

[Insert date]

Profile for CertiKit Limited

SMS-DOC-083-12 Supplier Management Policy  

SMS-DOC-083-12 Supplier Management Policy  

Profile for public-it