Supplier Management Policy
ISO20000 Toolkit: Version 10 ©CertiKit
Supplier Management Policy
Implementation guidance The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text and certain generic terms, see the Completion Instructions document.
Purpose of this document This document sets out the organization’s policy with respect to supplier management.
Areas of the standard addressed The following areas of the ISO/IEC 20000:2018 standard are addressed by this document: •
8. Operation of the service management system o 8.3 Relationship and agreement ▪ 8.3.1 General ▪ 8.3.4 Supplier management • 8.3.4.1 Management of external suppliers
General guidance The effective management of suppliers is key to delivering on SLAs where a significant part of the service is outsourced or dependent upon supplier performance.
Review frequency We would recommend that this document is reviewed annually.
Document fields This document may contain fields which need to be updated with your own information, including a field for Organization Name that is linked to the custom document property “Organization Name”. To update this field (and any others that may exist in this document): 1. Update the custom document property “Organization Name” by clicking File > Info > Properties > Advanced Properties > Custom > Organization Name. Version 1
Page 2 of 10
[Insert date]
Supplier Management Policy
2. Press Ctrl A on the keyboard to select all text in the document (or use Select, Select All via the Editing header on the Home tab). 3. Press F9 on the keyboard to update all fields. 4. When prompted, choose the option to just update TOC page numbers. If you wish to permanently convert the fields in this document to text, for instance, so that they are no longer updateable, you will need to click into each occurrence of the field and press Ctrl Shift F9. If you would like to make all fields in the document visible, go to File > Options > Advanced > Show document content > Field shading and set this to “Always”. This can be useful to check you have updated all fields correctly. Further detail on the above procedure can be found in the toolkit Completion Instructions. This document also contains guidance on working with the toolkit documents with an Apple Mac, and in Google Docs/Sheets.
Copyright notice Except for any specifically identified third-party works included, this document has been authored by CertiKit, and is ©CertiKit except as stated below. CertiKit is a company registered in England and Wales with company number 6432088.
Licence terms This document is licensed on and subject to the standard licence terms of CertiKit, available on request, or by download from our website. All other rights are reserved. Unless you have purchased this product you only have an evaluation licence. If this product was purchased, a full licence is granted to the person identified as the licensee in the relevant purchase order. The standard licence terms include special terms relating to any third-party copyright included in this document.
Disclaimer Please Note: Your use of and reliance on this document template is at your sole risk. Document templates are intended to be used as a starting point only from which you will create your own document and to which you will apply all reasonable quality checks before use.
Version 1
Page 3 of 10
[Insert date]
Supplier Management Policy
Therefore, please note that it is your responsibility to ensure that the content of any document you create that is based on our templates is correct and appropriate for your needs and complies with relevant laws in your country. You should take all reasonable and proper legal and other professional advice before using this document. CertiKit makes no claims, promises, or guarantees about the accuracy, completeness or adequacy of our document templates; assumes no duty of care to any person with respect its document templates or their contents; and expressly excludes and disclaims liability for any cost, expense, loss or damage suffered or incurred in reliance on our document templates, or in expectation of our document templates meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.
Version 1
Page 4 of 10
[Insert date]
Supplier Management Policy
Supplier Management Policy
Version 1
DOCUMENT REF
SMS-DOC-083-12
VERSION
1
DATED
[Insert date]
DOCUMENT AUTHOR
[Insert name]
DOCUMENT OWNER
[Insert name/role]
Page 5 of 10
[Insert date]
Supplier Management Policy
Revision history VERSION
DATE
REVISION AUTHOR
SUMMARY OF CHANGES
Distribution NAME
TITLE
Approval NAME
Version 1
POSITION
SIGNATURE
Page 6 of 10
DATE
[Insert date]
Supplier Management Policy
Contents 1
2
Introduction ............................................................................................................... 8 1.1
Purpose ....................................................................................................................... 8
1.2
Scope .......................................................................................................................... 8
1.3
Governance and review ............................................................................................... 8
1.4
Policy compliance ........................................................................................................ 8
1.5
Related documents ...................................................................................................... 9
Policy statements ..................................................................................................... 10
Version 1
Page 7 of 10
[Insert date]
Supplier Management Policy
1 Introduction 1.1 Purpose The purpose of this policy document is to set out the approach that will be taken to the management of third-party suppliers in support of the delivery of IT services to the customer. This policy will inform and shape the processes, procedures, organizational structure and resourcing that are applied in support of establishing and maintaining effective communication and liaison between the parties involved.
1.2 Scope The scope of this policy is defined according to the following parameters: • • • •
Organizational o [List organizations and parts of those organizations covered] Geographical o [List locations within scope] Services o [Define the services covered by the policy] Technical o [If necessary, summarize the technology covered by this policy]
This policy covers all services defined in the service catalogue. The following areas are specifically excluded from this policy: [Describe any areas that need to be clearly stated as outside the scope]
1.3 Governance and review This policy has been defined by the Chief Information Officer with input from stakeholders and approved by the IT Steering Group. It will be reviewed on an annual basis and any amendments will be ratified by the IT Steering Group prior to publication.
1.4 Policy compliance Whilst success against some aspects of this policy will depend upon the resources, systems and processes put in place by management, compliance with this policy is largely mandatory for all employees of [Organization Name]. Where appropriate and at management Version 1
Page 8 of 10
[Insert date]
Supplier Management Policy
discretion, instances of non-compliance may be subject to formal disciplinary action in accordance with organizational HR procedures.
1.5 Related documents The following documents are relevant to this policy and should be read in conjunction with it: •
Supplier Management Process
Version 1
Page 9 of 10
[Insert date]
Supplier Management Policy
2 Policy statements [Organization Name] policy with respect to supplier management is as follows: • •
Where possible, a written contract shall exist between all parties involved in a contract and [Organization Name] will hold a hardcopy original signed by all parties which will also be scanned and held electronically The contract will include as a minimum: 1. The scope of the services, service components, processes or parts of processes to be provided or operated 2. Requirements to be fulfilled by the supplier 3. Service level targets 4. Authorities and responsibilities of [Organization Name] and the supplier
• • • • • • • •
Regular formal communication will be made with suppliers on a frequency dependent upon the amount of business conducted with the supplier and the importance of the goods or services to [Organization Name] A designated individual within [Organization Name] will be assigned to the management of each supplier Any changes to the scope or terms of existing contracts will be managed and documented via the change management process Interfaces with the external supplier must be defined and managed The performance of the external supplier must be monitored Contractual obligations of a supplier must be aligned with the relevant service level requirement for services supported by the supplier Contracts must be reviewed against current service requirements at planned intervals Contract disputes must be recorded and managed to closure
Version 1
Page 10 of 10
[Insert date]
