Third Party Risk Management Sample Clauses
The Third Party Risk Management clause establishes procedures and requirements for assessing and managing risks associated with engaging external vendors, contractors, or service providers. Typically, this clause mandates due diligence on third parties, ongoing monitoring of their compliance with relevant standards, and may require contractual safeguards such as data protection measures or audit rights. Its core function is to protect the contracting party from potential legal, financial, or reputational harm that could arise from third-party relationships, ensuring that risks are identified and mitigated before they impact the business.
Third Party Risk Management. 8.1.1. Novartis expects Suppliers with whom it works to respect the laws and adopt the ethical business principles set out in the Novartis Third Party Code. The Novartis Third-Party Code and other codes, policies, and guidelines ("Novartis Third Party Standards") related to suppliers are available on the website: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/supplier-portal
8.1.2. Suppliers should become familiar with the Novartis Third Party Standards and should provide all information required by Novartis in relation to its practices: Labor Rights, Health, Safety, Environmental, Animal Welfare, Anti-Bribery, Fair Competition, Data Privacy and Information Protection, Responsible Minerals, Quality GMP, Trade Sanctions and Export Controls in the required form. Novartis (or the third-party specialists that it has designated) will have sufficient and adequate access to audit the compliance of these Third Party Standards.
8.1.3. Suppliers shall commit their best efforts to remedy cases of identified non-compliance and report to Novartis the progress of these cases, when required. At Novartis' sole discretion, the failure to comply with these Standards of Conduct by the Supplier will grant Novartis the right of terminating the business relationship of this Purchase Order, without the Supplier being entitled to the payment of any compensation, fine or indemnity. The Supplier confirms having read and understood all the Novartis Third Party Standards.
Third Party Risk Management. Supplier shall maintain an appropriate risk management and mitigation program for its critical suppliers. Supplier will share relevant risk metrics with Buyer. In selected cases, upon request by Buyer, Supplier will provide evidence to Buyer by sharing (anonymized) risk assessments and audit reports.
Third Party Risk Management. Novartis expects the supplier to adhere to ethical business practices and to observe the Novartis Third Party Code and any other applicable Novartis codes, policies and guidelines. By providing goods/services/deliverables pursuant to this Purchase Order, the supplier hereby agrees that it will: comply with the Third Party Code (and any published updates) which can be viewed and downloaded from ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/esg/reporting/codes-policies-and-guidelines (the supplier may request a copy free of charge from Novartis); provide information/documentation on reasonable request to Novartis, its affiliated companies and respective representatives to allow Novartis to verify compliance with the Third Party Code in the form requested; use best endeavours to rectify identified non-compliances with the Third Party Code (where capable of remedy) and report remediation progress to Novartis, its affiliated companies and respective representatives on request; ensure supplier’s affiliated companies and/or subcontractors/agents directly engaged in providing goods/services/deliverables in pursuance of this Purchase Order are also required to comply with all the above requirements; and where required by Novartis, fully co-operate (at supplier’s own expense) with Novartis and Novartis affiliated companies and respective representatives in completing and returning, as reasonably instructed, any questionnaire relating to compliance topics including, without limitation, anti-bribery compliance, that supplier has received as part of Novartis Third Party Risk Management processes at any time and any updates of same (“Questionnaire for Third Parties”).
The supplier warrants and represents that the information provided in any Questionnaire for Third Parties (whether provided before or after the date of this Purchase Order, including updates to the same) is accurate and complete (and such information shall be treated as being part of the agreement between Novartis and the supplier pursuant to this Purchase Order). For the avoidance of doubt, this subparagraph applies to the supplier only, and not to any subcontractor engaged by the supplier in accordance with the terms of this Purchase Order (including in accordance with the provisions of the Third Party Code). Seven business days after the receipt of a written request from Novartis, the supplier will allow Novartis associates (or any third party auditor nominated by Novartis) adequate access to supplier’s premises ...
Third Party Risk Management. ▇▇▇▇▇▇ has put in place a third party risk management framework which is aimed at promoting the societal and environmental values of the United Nations Global Compact with third parties that Sandoz deals with. In connection with the above, Supplier shall
8.1.1 comply with the “Third Party Code” (and any published updates thereof) which can be viewed and downloaded from ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇▇▇▇.▇▇▇/sites/spare53_sandoz_com/files/2023-10/Sandoz-Third-Party-Code.pdf;
8.1.2 provide information/documentation on reasonable request to Sandoz to allow ▇▇▇▇▇▇ to verify compliance with the Third Party Code in the form requested;
8.1.3 rectify identified non-compliances with the Third Party Code (where capable of remedy) and report remediation progress to ▇▇▇▇▇▇ on request;
8.1.4 ensure that Supplier’s Affiliates, Subcontractors and/or agents of Supplier also comply with the above requirements relating to the Third Party Code; and
8.1.5 where required by ▇▇▇▇▇▇, co-operate with ▇▇▇▇▇▇ in completing and returning, as reasonably instructed, the Questionnaire for Third Parties. Supplier warrants and represents that the information provided in any Questionnaire for Third Parties is accurate and complete. For the avoidance of doubt, this subparagraph applies to Supplier only, and not to any Subcontractor engaged by it.
Third Party Risk Management. Databricks assesses the security compliance of applicable third parties, including vendors and subprocessors, in order to measure and manage risk. This includes, but is not limited to, conducting a security risk assessment and due diligence prior to engagement and reviewing external audit reports from critical vendors at least annually. In addition, applicable vendors and subprocessors are required to sign a data processing agreement that includes compliance with applicable data protection laws, as well as confidentiality requirements.
Third Party Risk Management. If the Parties have agreed certain remediation actions identified as part of Deloitte’s third party risk management process, these are set out in Schedule 6. The Supplier has agreed to complete these remediation actions within an agreed timeframe notified by Deloitte set out in Schedule 6 and, as required, to co-operate with Deloitte regarding such completion. The Parties agree that this clause is a condition of this Agreement.
Third Party Risk Management. Novartis has put in place a Third Party risk management framework which is aimed at promoting the societal and environmental values of the United Nations Global Compact with specific third parties that Novartis deals with (the “Third Party Code”). In connection with the above, Licensor shall:
(a) comply with the Third Party Code as set out at ▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇/▇▇▇▇▇▇▇▇_▇▇▇/▇▇▇▇▇/▇▇▇▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇-▇-▇.▇▇▇;
(b) having regard to Section 12.6 of the Third Party Code, provide information/documentation on reasonable request to Novartis (or any Third Party auditor reasonably acceptable to Licensor) to allow Novartis to verify Licensor’s compliance with the Third Party Code in the form requested;
(c) use its Commercially Reasonable Efforts to rectify identified non-compliances with the Third Party Code (where capable of remedy) and report remediation progress to Novartis on request; and
(d) Licensor shall adopt standards that cover the same principles and content included in the Third Party Code when appointing its own suppliers or contractors who are engaged (and to the extent they are engaged) specifically for the purpose of this Agreement.
Third Party Risk Management. (1) Within ninety (90) days from the date of this Agreement, the Board shall submit to the Assistant Deputy Comptroller for review and prior written determination of no supervisory objection a revised third party management program that meets the standards outlined in Appendix B of 12 C.F.R. 30, the “Information Security,” “Management,” and “Outsourcing Technology Services” booklets of the Federal Financial Institutions Examinations Council’s IT Examination Handbooks, and OCC Bulletin 2013-29, Third-Party Relationships: Risk Management Guidance. The Bank’s program shall, at a minimum, include:
(a) delegation of oversight responsibility for proper implementation of the Bank’s vendor management program to appropriate management personnel;
(b) ongoing Board review and monitoring of the program;
(c) a third party risk rating methodology that includes
(i) categories and descriptions of different levels of risk;
(ii) identification of and definitions for risk assessment factors to be used in assigning a risk rating to third parties, as well as guidance on how to apply the factors to third party relationships;
(d) a list of all third party service providers utilized by the Bank, including but not limited to any vendor with potential access to or impact on customer information or customer services;
(e) policies and procedures which define vendor review frequency and develop a schedule therefrom, which ensure management reviews vendors according to the established schedule, and which ensures any exceptions to the vendor schedule be defined and tracked;
(f) policies and procedures to ensure that management conducts and documents proper due diligence, including a risk assessment, prior to signing a contract with any third party; and
(g) policies and procedures to ensure that management conducts and documents ongoing monitoring of existing third party relationships.
(2) Within thirty (30) days following receipt of the Assistant Deputy Comptroller’s written determination of no supervisory objection to the revised program required by paragraph (1) of this Article, the Board shall adopt, implement, and thereafter ensure adherence to the revised program.
Third Party Risk Management. Coinbase will maintain an appropriate level of supervision of each Approved Validator and make appropriate enquiries, periodically, to confirm that the obligations of the Approved Validator continue to be adequately discharged. Coinbase represents, warrants and covenants that each Approved Validator is and will continue to be subject to a third party risk review in accordance with Coinbase’s Third Party Risk Management Policy, including but not limited to the review of the Approved Validator’s network and data security, financial wherewithal and insurance coverages.
Third Party Risk Management. (1) Within sixty (60) days of the date of this Agreement, the Board shall adopt and Bank management shall implement and thereafter adhere to a written program to effectively assess and manage the risks posed by third-party fintech relationships (“Third-Party Risk Management Program”). Refer to OCC Bulletin 2013-29, “Third-Party Relationships” and OCC Bulletin 2020-10, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29”; Refer to OCC Bulletin 2021-40, “Third-Party Relationships: Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks”.
(2) The Third-Party Risk Management Program shall be commensurate with the level of risk and complexity of the Bank’s third-party fintech relationship partners and shall, at a minimum, address the following for the Bank’s third-party fintech relationship partners:
(a) written policies, procedures, and processes governing the Bank’s third-party fintech relationship partners that, at a minimum: (i) address how the Bank identifies and assesses the inherent risks of the products, services, and activities performed by the third-parties, including but not limited to BSA, compliance, operational, liquidity, counterparty and credit risk as applicable; (ii) details how the Bank selects, assesses, and oversees third-parties; (iii) details the Bank’s strategic plan for providing necessary resources, infrastructure, technology controls, and organizational capabilities to manage the third-party fintech relationship partners in a safe and sound manner; and (iv) establishes criteria for Board review and approval of third-party fintech relationship partners;
(b) an assessment of BSA risk for each third-party fintech relationship partner, including risk associated with money laundering, terrorist financing, and sanctions risk as well as the third-party’s processes for mitigating such risks and complying with applicable laws and regulations;
(c) due diligence and risk assessment criteria for selecting and approving a third-party fintech relationship partner that is appropriate and unique to the particular products, services, and activities provided by the third-party; Refer to OCC Bulletin 2021-40, “Third-Party Relationships: Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks”;
(d) an effective compliance oversight program for third-party fintech relationship partners to include: (i) evaluation of the products, services, and activities ...
