Vendor Management Policy
Purpose
The purpose of this policy is to establish a formalized procedure to ensure that current and potential IT vendors will be evaluated, selected, engaged, and managed in a consistent manner based on cost effectiveness, functionality/services risk, financial viability, and performance.
Scope
This policy applies to all employees, contractors, subcontractors, consultants, temporaries, guests, and third parties that use Cadence OneFive information assets or information resources. All information assets and information resources used by and in support of Cadence OneFive business operations must comply with the provisions of this policy.
Policy
Because of cost, expertise, or ease, it may be necessary for Cadence OneFive to engage the assistance of third-party service providers. This policy will help monitor the compliance-related risk associated with using third-party service providers. Cadence OneFive will monitor all vendors’ compliance with SOC standards by obtaining and reviewing a copy of each vendor’s SOC 2 report annually.
Responsibilities
IT personnel will:
- Actively participate in the selection of vendors.
- Maintain a list of IT vendors that affect financial data or confidential information.
- Provide a list of IT vendors to the Disaster Recovery Administrator for Disaster Recovery evaluation and inclusion in the plan and inventory as appropriate.
- When selecting a vendor, evaluate each material IT vendor’s cost effectiveness, functionality/services, risk, financial viability, compliance, and performance.
- Consider the establishment or refinement of service levels when negotiating an arrangement with a new vendor or re-negotiating an existing arrangement.
- Ensure contracts and agreements are in place that ensure the vendor’s compliance with legal and regulatory requirements and internal policies and procedures, so that all service levels are agreed upon and clearly documented, and that require the vendor to maintain the confidentiality of proprietary and confidential information.
- Manage relationships as follows:
  - Treat strategic vendors as a partner. Communicate clearly and directly with them. As appropriate, help them understand our business, culture, processes, goals, priorities, and expectations. Ensure roles and responsibilities are clear.
  - If a vendor is not performing to our satisfaction, the deficiencies are addressed through written communication reporting defects or performance issues. Depending on the severity of the issue, a vendor can be put on notice when the relationship is in jeopardy.