Supplier Due Diligence Assessment (Template)
- Jan Tenenberg
Analytics
This page provides the template for a supplier assessment; unless a specific contract/agreement is formed between any supplier and Vertic Pty Ltd, the below assessment must be completed to the largest extent possible for each supplier.
ORGANIZATION UNDER | Name of the organization |
PRODUCTS OR SERVICES | Details of the specific offering from the organization that is being reviewed |
DATE OF ASSESSMENT | When the assessment started |
ASSESSOR | The person carrying out the assessment |
ASSESSOR COMMENTS | Explain any relevant circumstances that may affect the assessment outcome |
Requirements compliance assessment
List the main requirements the product or service must meet and assess whether these are provided in a satisfactory way.
NO
| REQUIREMENT | MET? | COMMENTS |
1 | What must the product or service do? | ☐ |
|
2 | State service levels needed | ☐ |
|
3 |
| ☐ |
|
4 |
| ☐ |
|
5 |
| ☐ |
|
6 |
| ☐ |
|
7 |
| ☐ |
|
8 |
| ☐ |
|
9 |
| ☐ |
|
10 |
| ☐ |
|
Organization assessment
REGISTERED NAME | Official name, for example, name at Companies House, including type of organization |
COUNTRY OF REGISTRATION | Nationality of the organization |
WHEN FORMED | When was it registered? |
APPROXIMATE SIZE | Judge from website if possible |
RESULTS OF INTERNET SEARCH | Search the organization name to see if any relevant information is revealed |
Commercial/contractual assessment
PRICE | What is the cost, in which currency and for what time period? For example, $10 pcm. Does the price include tax? |
PRICING STRUCTURE | Does the price change if additional units are added? |
TERMS OF SALE | Review the Ts and Cs for reasonableness |
CONTRACT TERMS | Including length, renewal and termination provisions |
APPLICABLE LAW | From contract |
Information security assessment
CLASSIFICATION OF DATA INVOLVED | Confidential, internal use only, public |
CERTIFICATIONS HELD | For example, ISO/IEC 27001, Privacy Shield, ISO9001, Cyber Essentials |
INFORMATION SECURITY POLICY AVAILABLE? | On website or available on request? |
CONTROLS IN PLACE | Is encryption used? Data centre protection |
Result of assessment
DECISION | Approved/rejected |
REASON FOR DECISION | Main reasons why |
DATE OF DECISION | Date (may be different to date of assessment) |
ASSESSOR COMMENTS | Any other relevant factors that should be considered |