Legistify Services private limited
Vendor Management Policy
Effective Date: [Insert Date]
Document Name: | Vendor Management Policy |
Classification: | Internal |
Document Owner: | CISO/MR- |
Document Approver: | Top Management |
Original Document Issue Date: | 10/09/2023 |
Current Edition: | Version 2.0 |
Revision History:
S. No. | Description of Change | Date of Change | Version No. |
1 | Initial Release | 10/09/2023 | 1.0 |
2 | Second Release | 10/09/2024 | 2.0 |
Introduction
This Vendor Management Policy outlines the guidelines and procedures for managing relationships with external vendors and third-party partners to ensure the security, compliance, and efficiency of Legistify Services private limited.
All employees involved in vendor management activities are required to adhere to this policy.
Vendor Selection and Due Diligence
Prior to engaging with a vendor, a thorough evaluation will be conducted to assess their capabilities, financial stability, security practices, and overall suitability.
Vendors must be in compliance with relevant laws, regulations, and industry standards.
Contractual Agreements
All engagements with vendors will be formalized through written contracts that clearly outline:
Scope of services or products.
Service level agreements (SLAs).
Security and confidentiality requirements.
Data protection and privacy commitments.
Termination clauses.
Financial terms and conditions.
Legal review and approval will be obtained for all vendor contracts.
Information Security and Data Protection
Vendors must implement and maintain robust information security practices to protect any data or systems they have access to.
The organization reserves the right to conduct periodic security assessments and audits of vendors' security measures.
Confidentiality and Non-Disclosure
Vendors must sign non-disclosure agreements (NDAs) to ensure the confidentiality of any sensitive information shared during the course of the business relationship.
Vendors are prohibited from disclosing any confidential information to third parties without explicit written consent from Legistify Services private limited.
Compliance and Risk Management
Vendors are required to comply with all applicable laws and regulations.
Risk assessments will be conducted regularly to identify and address any potential risks associated with vendor relationships.
Performance Monitoring and Reporting
Key performance indicators (KPIs) and SLAs will be established for vendor relationships.
Regular performance reviews will be conducted, and vendors will be held accountable for meeting agreed-upon standards.
Incident Management
Vendors are required to report any security incidents or breaches promptly to Legistify Services private limited.
The organisation and the vendor will collaborate on incident response and resolution activities.
Business Continuity and Contingency Planning
Vendors must have business continuity and contingency plans in place to ensure the continued delivery of services in the event of disruptions.
The organization reserves the right to review and approve vendors' business continuity plans.
Termination of Vendor Relationships
Vendor relationships may be terminated if the vendor fails to meet contractual obligations, breaches security or confidentiality agreements, or poses a significant risk to the organization.
Termination procedures, including data handover and transition plans, will be defined in the contract.
Training and Awareness
Employees involved in vendor management activities will receive training on the organization's vendor management policies and procedures.
Awareness programs will be conducted to keep employees informed about the importance of vendor management.
Policy Review and Compliance
This policy will be reviewed and updated at least annually or as needed to address changes in the organisation's structure, technology, or regulations.
Compliance with this policy will be monitored through regular audits and assessments.
Enforcement
Violations of this Vendor Management Policy may result in disciplinary action, including termination of employment or legal action.
Employees are encouraged to report any breaches or violations promptly and may do so without fear of retaliation.
By adhering to this Vendor Management Policy, we ensure the effective management and oversight of external relationships, safeguarding the interests of Legistify Services private limited.
Policy Revision History
Date | Version | Author | Reviewer | Approver | Comments |
10/09/2023 | 0.1 | ISMS Manager | CIO | Management | Draft Version of Vendor Management Policy |