Third Party Management Policy Template

Thursday, September 22nd 2022. | Sample

Third Party Management Policy Template – 2. Develop and maintain third-party relationships as required, following these core components of a good evaluation program. Third parties are extensions of the organization and their actions can directly affect brand relevance and reputation. This requires companies to interview, assess and monitor tens, hundreds or even thousands of third parties and take action against those who do not comply. The Third Party Risk Management Lifecycle is a model that helps organizations conduct an independent review process. Its components are based on best practice procedures for identifying, mitigating and managing compliance risks. This model can be used to evaluate a potential supplier, supplier or global partner before signing contracts. You can also use this model to evaluate supplier performance. Lifecycle Component Planning Creating an evaluation plan before signing contracts will help mitigate risk before the relationship is established. Do not rely solely on experience or prior knowledge before entering into a contract. Consider the following when planning and evaluating: LockPath, Inc College Boulevard #200, Overland Park, KS (913) Page 2 of 6

3 What are the strategic business objectives for hiring this third party? How will this relationship affect your employees? How will this relationship affect your customers? Do you have a third-party evaluation program? How would you rate this third party? What landmarks will you use? Do you have a workflow to address risks or incidents identified in assessments and audits? Do you have a system of assessment and audit reports so you can demonstrate compliance? Is this third party a threat to your business, compliance, reputation, strategy or products? Due Diligence Conduct due diligence on your third parties to ensure they are able to perform their duties in accordance with federal and international laws and regulations. Consider the following considerations when designing your due diligence program: General Considerations Will the third party use subcontractors to fulfill its contractual obligations? How does the third party evaluate its subcontractors? Do these subcontractors have the necessary skills and licenses to meet quality and compliance standards? Are these subcontractors compliant with regulations such as the Foreign Corrupt Practices Act (FCPA)? Is the third party financially sound? Will it work in six months, a year or five years? How will hiring this third party affect your business continuity plan? Does a third party have a business continuity plan for your business? For suppliers How reliable is this supplier’s product? How are their products purchased? Where is its product manufactured? Are its products manufactured and delivered on time so that your processes are not delayed? What quality assurance procedures does its product undergo to ensure maximum performance? How will you handle customer complaints about the supplier’s product? Are the supplier’s business ethics consistent with your organization’s business ethics? Where does the supplier get the materials from? Are the materials from compromised sources, illegal sources or conflict zones? Does the supplier comply with local and federal labor laws? What are the working conditions on the supplier’s side? Does the service provider follow sustainable practices? Does the supplier comply with ethical standards such as the FCPA? Does the supplier have a legal and compliance program, the necessary licenses to operate and comply with both local and international regulations? For suppliers How reliable is the supplier’s service? Will the supplier meet the deadline? Will the vendor meet your deadlines? What are the seller’s escalation and redress processes if they don’t work well? What quality assurance procedures does the service provider follow to ensure satisfactory performance? LockPath, Inc College Boulevard #200, Overland Park, KS (913) Page 3 of 6

Third Party Management Policy Template

Third Party Management Policy Template

4 What quality assurance procedures will you follow for the service provider’s services to ensure satisfactory performance? What access will your organization have to this service provider? What systems will the supplier need access to? Will the supplier have access to any sensitive or confidential information? Does the vendor comply with security standards such as ISO/IEC or PCI? If the service provider needs access to the data, what permissions will they need? If the supplier needs access to the building, will they have access to restricted areas? Will the supplier go through the onboarding process? Which parts of your business will be affected by the supplier? Is learning your policies and procedures part of the vendor onboarding process? What additional training will the supplier need? Will the seller require additional security measures, physical or virtual? Does the supplier have the necessary licenses and insurance policies to work with your organization? For partners Will this partner represent your brand? How will the partner communicate about your brand and/or products? How will referrals and brand assets be delivered to the partner? What brand material approval processes are required to ensure brand compliance? Will the partner need to implement your policies and procedures in their organization? What processes are in place to communicate your policies and procedures? How will you ensure your partner follows your policies and procedures? How will you monitor whether the situation will be corrected if the partner does not follow your policies and procedures? Does the partner have international offices and operations? Does the partner have the necessary licenses and insurance policies to work with your organization? What guarantees of international compliance does the partner have? What corrective processes do you have in place in case of non-compliance? Evaluation and Monitoring Once a third party has been selected and contracted, it is important to ensure that it meets or exceeds your expectations. Continuous monitoring of third-party products and performance, as well as periodic evaluation, is a great way to ensure quality of work while maintaining compliance. Appraisals Will your contract include the right to issue and conduct periodic performance appraisals? How often will you rate a third party? What are the time limits for responding to the assessment and what are the consequences if the third party does not respond within this time limit? Is there a workflow in place to address the risks identified in the assessments? What compliance clauses will you evaluate? Will you use internal or external third-party assessment resources? What external resources, if any, will you use to evaluate the third party? If a third party uses subcontractors, what is your process for evaluating those subcontractors? If a third party uses subcontractors, what is your process to ensure that identified risks are addressed? Will your periodic assessments review your third-party information security program, disaster recovery program, and business continuity plans? LockPath, Inc College Boulevard #200, Overland Park, KS (913) Page 4 of 6

Third Party Vendor Risk Management Solutions

5 Monitoring Who in your organization is responsible for monitoring the activities and performance of third parties? Will you be doing external assessment visits? How will you monitor the activities of third parties to ensure compliance with local and federal regulations? How will you monitor the activities of third parties to ensure compliance with your policies and practices? How often will you check third-party policies against your controls? Trouble shooting and incident prevention is a key part of maintaining a risk management lifecycle. Without remediation, processes quickly fail, creating inefficiencies and increasing risk and noncompliance. A problem and incident plan will help expedite the reimbursement process, ensuring compliance for you and your third parties. Who do you hold responsible for non-compliance and incidents? Who is the third party responsible for non-compliance and incidents? What is your escalation process for a quality assurance issue or incident? What is the third-party escalation process for a quality assurance issue or incident? Do you have a remediation process in place if a third party fails to comply with any rules or regulations? Is there a workflow in place that defines the internal/external resources and tasks required for remediation? How is your patching process documented? How often will you review patches to ensure they are complete and implemented in processes? LockPath Supplier Risk Management Solution Evaluating and monitoring suppliers and third parties is a complex task when done manually. On the other hand, an automated system can help organizations identify, categorize, track and recommend risk mitigation measures to support business and regulatory compliance. The LockPath Keylight platform can simplify the third-party risk management lifecycle by offering the following features: Supplier Relationship Management Keylight helps users effectively assess risk, communicate policies and manage contracts, supplier profiles and supplier performance. Third-Party Surveys Users can create surveys based on questions provided by content providers, such as Shared Assessments, or they can customize their own. Users can take third-party surveys in subsets and/or at different intervals, and you can distribute surveys to multiple providers in minutes. Automate support checks and audits With Keylight, users can create third-party policies and link ratings to those policies. The platform also helps users store and document vendor due diligence and corrective actions, categorize and categorize

Third party security policy, selling insurance policy to third party, third party risk management policy, patch management policy template, third party policy template, third party vendor management policy, third party management policy, third party risk assessment template, vendor management policy template, it asset management policy template, log management policy template, vendor risk management policy template