Vendor Management Policy

Table of Contents

1. Introduction

2. Scope

3. Objective

4. Vendor Classification

5. Vendor Selection Criteria

6. Data Security Requirements

7. Monitoring and Auditing

8. Termination and Exit Strategy

9. Compliance and Enforcement

10. Amendments and Revisions

1. Introduction

This Vendor Management Policy outlines the processes and procedures that International Syndication Company LLC. employs to manage relationships with third-party vendors. This policy aims to ensure that vendors meet our security, legal, and operational standards.

2. Scope

This policy applies to all employees, departments, and units within International Syndication Company LLC. who interact with third-party vendors, including contractors and consultants.

3. Objective

To establish guidelines for selecting, monitoring, and assessing vendors in a manner that aligns with the company’s business objectives and risk management strategies.

4. Vendor Classification

Vendors are classified into the following categories based on the nature and scope of their services:

• Critical Vendors: Handle sensitive data, intellectual property, or other key business elements.

• Non-Critical Vendors: Provide services that do not directly impact the company’s core operations.

5. Vendor Selection Criteria

Vendor selection will be based on:

• Compliance with data protection laws

• Financial stability

• Reputation

• Quality of service

6. Data Security Requirements

All vendors must adhere to our data security requirements, which include:

• Compliance with GDPR, CCPA, and other relevant laws

• Secure data transmission protocols

• Secure storage solutions

7. Monitoring and Auditing

Vendors will be subjected to:

• Annual audits

• Monthly performance reviews

8. Termination and Exit Strategy

Either party may terminate the agreement based on breach of contract or performance issues. A clear exit strategy must be outlined in the initial agreement.

9. Compliance and Enforcement

Violations of this policy may lead to:

• Penalties

• Termination of the vendor contract

10. Amendments and Revisions

International Syndication Company LLC. reserves the right to modify this policy at any time. Vendors will be notified of any changes.

This document is subject to ongoing review and approval by the Data Protection Officer, Mr. Chris York, and senior management.

Approved by:

Mr. Chris York Data Protection Officer

dpo@isyndicate.io

Date: 9th September 2023