Vendor Management Policy

This Vendor Management Policy is effective dated: June 01, 2024

Control Document: GEF-CP-003, Ver. 1.0

Purpose

The purpose of this Vendor Management Policy is to establish guidelines for selecting, managing, and evaluating vendors to ensure that galaxefi (“Company”) receives high-quality services and products. This policy aims to mitigate risks, ensure compliance with legal and regulatory requirements, and maintain strong vendor relationships.

Scope

This policy applies to all employees, contractors, and stakeholders involved in the selection, management, and evaluation of vendors. It covers:

  • Vendor selection and onboarding
  • Vendor performance management
  • Risk management
  • Compliance and legal requirements
  • Termination and renewal of vendor contracts

Definitions

  • Vendor: Any third-party supplier, contractor, or service provider that provides goods or services to the Company.
  • Vendor Management: The process of managing and overseeing vendor relationships to ensure that vendors meet their contractual obligations and the Company’s standards.
  • Request for Proposal (RFP): A document issued to solicit bids from potential vendors for specific goods or services.

Objectives

The Company aims to achieve the following objectives:

  • Ensure the selection of vendors that meet the Company’s quality, security, and performance standards.
  • Manage vendor relationships effectively to maximize value and minimize risks.
  • Ensure compliance with legal, regulatory, and contractual requirements.
  • Maintain clear and consistent communication with vendors.
  • Conduct regular evaluations of vendor performance and address any issues promptly.

Vendor Selection and Onboarding

Vendor Selection

  • Identify the need for goods or services and develop detailed specifications and requirements.
  • Issue a Request for Proposal (RFP) to potential vendors, including criteria for selection.
  • Evaluate vendor proposals based on factors such as cost, quality, experience, references, and compliance with requirements.
  • Conduct due diligence on potential vendors to assess their financial stability, reputation, and ability to meet the Company’s needs.

Vendor Onboarding

  • Once a vendor is selected, negotiate and finalize the contract, including terms and conditions, deliverables, and performance metrics.
  • Ensure that the vendor understands and agrees to the Company’s policies and procedures, including data security and confidentiality requirements.
  • Provide the vendor with necessary access and resources to fulfill their contractual obligations.

Vendor Performance Management

Performance Monitoring

  • Monitor vendor performance regularly against agreed-upon metrics and key performance indicators (KPIs).
  • Conduct periodic reviews and assessments of vendor performance, including quality, timeliness, and compliance with contract terms.
  • Maintain records of vendor performance and any issues or incidents.

Issue Resolution

  • Address any performance issues or concerns promptly with the vendor.
  • Develop and implement corrective action plans if necessary.
  • Document all issues and resolutions for future reference.

Communication

  • Maintain regular communication with vendors to discuss performance, expectations, and any changes to requirements.
  • Hold periodic meetings with key vendors to review performance and discuss potential improvements or new opportunities.

Risk Management

Risk Assessment

  • Conduct a risk assessment for each vendor to identify potential risks, including financial, operational, compliance, and reputational risks.
  • Categorize vendors based on the level of risk and implement appropriate risk mitigation strategies.

Risk Mitigation

  • Implement controls and measures to mitigate identified risks, such as requiring vendors to maintain certain insurance levels or adhere to specific security protocols.
  • Monitor and review vendor risk periodically to ensure that risk mitigation measures remain effective.

Compliance and Legal Requirements

Legal Compliance

  • Ensure that all vendor contracts comply with applicable laws, regulations, and industry standards.
  • Include clauses in vendor contracts that require vendors to comply with all relevant legal and regulatory requirements.

Data Security and Privacy

  • Require vendors to adhere to the Company’s data security and privacy policies, including safeguarding sensitive and confidential information.
  • Conduct regular audits and assessments of vendors’ security practices to ensure compliance.

Termination and Renewal of Vendor Contracts

Contract Termination

  • Develop and follow procedures for the termination of vendor contracts, including notification requirements and handling of outstanding deliverables.
  • Document the reasons for termination and any lessons learned to improve future vendor management practices.

Contract Renewal

  • Review vendor performance and contract terms before renewing any vendor contracts.
  • Negotiate contract renewals to ensure that terms remain favorable and aligned with the Company’s needs.

Roles and Responsibilities

  • Vendor Management Team: Responsible for overseeing the vendor management process, including selection, onboarding, performance monitoring, and issue resolution.
  • Procurement Department: Assists in the vendor selection process, conducts due diligence, and negotiates contracts.
  • IT Department: Ensures that vendors adhere to the Company’s data security and privacy requirements.
  • Legal Department: Reviews vendor contracts for legal compliance and provides guidance on regulatory requirements.
  • Employees and Stakeholders: Responsible for adhering to this policy and reporting any issues or concerns related to vendor performance.

Policy Review and Updates

  • This policy will be reviewed annually and updated as necessary to ensure its effectiveness and alignment with industry best practices and regulatory requirements.
  • Changes to this policy will be communicated to all employees and stakeholders.

Quick Contact

By adhering to this Vendor Management Policy, galaxefi commits to maintaining high standards in service provider and partner selection and management, ensuring quality services and products, and mitigating risks associated with third-party vendors. For questions or concerns about this Policy, please use the following form: