Version: 1.0
Approved By: Richard D’Lonesteen
Created at: 14/08/2023
1. Purpose
The purpose of this document is to establish a formal Supplier Management Policy for ChattyAI, herein referred to as the “Company.” This policy aims to manage risks associated with third-party engagements, ensure service quality, maintain data security, and comply with legal and regulatory requirements.
2. Scope
This policy applies to all employees, contractors, and business units within the Company engaging with suppliers for the acquisition of goods and services, including, but not limited to, software, hardware, consulting services, and infrastructure.
3. Policy
3.1 Supplier Selection
- Due Diligence: Prospective suppliers must undergo a comprehensive evaluation covering, at a minimum, financial stability, market reputation, compliance with relevant standards (such as ISO/IEC 27001 and PCI DSS, where applicable), and the supplier’s cybersecurity practices.
- Criteria: Selection criteria will be based on quality, reliability, cost-effectiveness, technological compatibility, and alignment with the Company’s values and security requirements.
- Approval: All new suppliers must be approved by the designated authority prior to commencing business relations.
3.2 Contract Management
- Agreements: All engagements with suppliers must be governed by legally binding contracts that clearly define terms of service, confidentiality obligations, data handling procedures, and liability clauses.
- Review: Contracts must be reviewed periodically or when conditions change to ensure they continue to meet the Company’s needs and compliance obligations.
- Renewal: Decisions to renew contracts will be based on supplier performance, continuing compatibility, and strategic necessity.
3.3 Risk Management
- Assessment: The Company will conduct regular risk assessments of its suppliers to identify and mitigate risks in areas such as data privacy, service delivery, and dependency on a single supplier.
- Audit Rights: Contracts with suppliers will include terms granting the Company the right to audit, at regular intervals, the supplier’s compliance with the agreed standards and practices.
- Security Requirements: Suppliers handling sensitive data must meet specific security requirements, which will be clearly outlined in agreements and monitored regularly.