Difference between revisions of "ISO:Supplier Relationships and Procurement"

From Hornbill
(Created page with "== Supplier Relationships and Procurement== A Risk Assessment should be carried out to identify specific controls implemented before granting access to third parties or custom...")
 
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
This document can now be found at its new location in the [https://docs.hornbill.com/hornbill-cloud/iso/supplier-relationships-and-procurement/ Hornbill Document Library].
 +
 +
[[file:hornbill-document-library.png|Hornbill Cloud|link=https://docs.hornbill.com/hornbill-cloud/iso/supplier-relationships-and-procurement/]]
 +
 +
<!--
 +
Hornbill chooses its suppliers carefully to ensure that our service delivery is not impacted\jeopardized and that they, at the very least, care about data security in the same way Hornbill does. Below are details on how we choose and monitor suppliers.
 +
 
== Supplier Relationships and Procurement==
 
== Supplier Relationships and Procurement==
 
A Risk Assessment should be carried out to identify specific controls implemented before granting access to third parties or customers.
 
A Risk Assessment should be carried out to identify specific controls implemented before granting access to third parties or customers.
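Review bot: The `<!--` opened right after the new redirect notice comments out everything that follows it, including the introductory paragraph added in this same hunk ("Hornbill chooses its suppliers carefully ..."), so that paragraph is never rendered. If the wiki copy is being retired in favour of the Document Library, leave the new paragraph out here and maintain it only at the new location; if it is meant to be visible, move it above the comment opener. The added paragraph also writes "impacted\jeopardized" with a backslash where "or" or a forward slash is meant.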
Line 33: Line 40:
 
* controls over any allowed sub-contractors
 
* controls over any allowed sub-contractors
 
* conditions for termination/re-negotiation of agreements, including contingency plans.
 
* conditions for termination/re-negotiation of agreements, including contingency plans.
 +
 +
We are also committed to ensuring that there is no modern slavery or human trafficking in our supply chains or in any part of our business.
 +
We have zero tolerance to slavery and human trafficking. To ensure all those in our supply chain and contractors comply with our values we have in place a supply chain compliance programme.
 +
 +
All suppliers when reviewed (Either annually\new contract or prospective stage) are engaged to ensure that they to achieve the same ethical standards as ourselves.
 +
To ensure a high level of understanding of the risks of modern slavery and human trafficking in our supply chains and our business, we provide training on our Supplier management policy to all to our staff covered under the policy
 +
 +
==Monitoring of Service Delivery==
 +
===Supplier Monitoring===
 +
*All Incidents relating to a given Supplier will be logged in Hornbill Service manager.  Each report is reviewed post incident to ensure actions taken to prevent recurrence, any effected controls are reviewed and where necessary any documentation\policies updated. The incident review also ensure that no contractual SLA\OLA was broken (Note that this is separate to and in addition of the ongoing standard Supplier review process detailed below), that our SLA\Uptime for customer was not jeopardized and that any legal obligations for data protection have been met. Any incident in which SLA\OLA\Uptime was jeopardized will result in review of supplier where appropriate.
 +
*All Incidents will be reviewed during the annual management meeting to ensure they are aware of the incident and establish whether they wish to proceed with the given supplier.
 +
*The external party agreement includes reporting structures, defines acceptable levels of performance and provides monitoring, inspection and audit rights.
 +
*The relationship owner monitors performance against the service and security criteria contained in the agreement, ensures that reports required under the agreement are delivered as required and reviews them, and conducts regular progress meetings as required.
 +
*The relationship owner ensures that information security incidents experienced by the third party are reviewed jointly and that relevant information security incidents experienced internally are communicated to the third party so that appropriate steps can be taken.
 +
*The relationship owner identifies any problems of any sort (including operational problems, failures, faults and tracing faults, and disruptions), on either side of the relationship, and ensures that they are resolved, using the agreed escalation procedure where necessary.
 +
-->
 +
[[Category:HDOC]]
 +
<!-- hornbill-cloud/iso/supplier-relationships-and-procurement -->
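Review bot: The added supplier-monitoring text needs a wording pass before it is relied on as policy: "they to achieve the same ethical standards" has a stray "to", "training ... to all to our staff" likewise, "any effected controls" should read "affected", "The incident review also ensure" is missing its "s", and "in addition of" should be "in addition to". The first bullet under Supplier Monitoring also folds the post-incident review, the SLA\OLA check and the data-protection check into one item with a parenthetical in the middle; splitting these into separate bullets would make each obligation individually auditable. In the second bullet, "to ensure they are aware" does not say who "they" are; naming the management group would remove the ambiguity.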

Latest revision as of 17:28, 11 September 2023

This document can now be found at its new location in the Hornbill Document Library.
