1.5 Related documents

1 Introduction

1.1 Purpose

The purpose of this policy document is to set out the approach that will be taken to the management of third-party suppliers in support of the delivery of IT services to the customer. This policy will inform and shape the processes, procedures, organizational structure and resourcing that are applied in support of establishing and maintaining effective communication and liaison between the parties involved.

1.2 Scope

The scope of this policy is defined according to the following parameters:

Organizational o [List organizations and parts of those organizations covered] Geographical o [List locations within scope] Services o [Define the services covered by the policy] Technical o [If necessary, summarize the technology covered by this policy]

This policy covers all services defined in the service catalogue.

The following areas are specifically excluded from this policy:

[Describe any areas that need to be clearly stated as outside the scope]

1.3 Governance and review

This policy has been defined by the Chief Information Officer with input from stakeholders and approved by the IT Steering Group.

It will be reviewed on an annual basis and any amendments will be ratified by the IT Steering Group prior to publication.

1.4 Policy compliance

Whilst success against some aspects of this policy will depend upon the resources, systems and processes put in place by management, compliance with this policy is largely mandatory for all employees of [Organization Name]. Where appropriate and at management

discretion, instances of non-compliance may be subject to formal disciplinary action in accordance with organizational HR procedures.

1.5 Related documents

The following documents are relevant to this policy and should be read in conjunction with it:

Supplier Management Process

2 Policy statements

[Organization Name] policy with respect to supplier management is as follows:

Where possible, a written contract shall exist between all parties involved in a contract and [Organization Name] will hold a hardcopy original signed by all parties which will also be scanned and held electronically The contract will include as a minimum:

1.

2. 3. 4. The scope of the services, service components, processes or parts of processes to be provided or operated Requirements to be fulfilled by the supplier Service level targets Authorities and responsibilities of [Organization Name] and the supplier

Regular formal communication will be made with suppliers on a frequency dependent upon the amount of business conducted with the supplier and the importance of the goods or services to [Organization Name] A designated individual within [Organization Name] will be assigned to the management of each supplier Any changes to the scope or terms of existing contracts will be managed and documented via the change management process Interfaces with the external supplier must be defined and managed The performance of the external supplier must be monitored Contractual obligations of a supplier must be aligned with the relevant service level requirement for services supported by the supplier Contracts must be reviewed against current service requirements at planned intervals Contract disputes must be recorded and managed to closure