POL00337622
POL00337622
Page 1 of 36
Contract Management Framework
For Post Office and its Group Companies (Post Office Management
Services Limited (POMS / POI) and Payzone Bill Payment Limited (PZBPL))
Date Version Updated by Change Details
Sarah J Gray/ Renata
01 September 2020 I 3 Prywerek Final
24 August 2021 4 Sarah J Gray / Mark [Updating links to the relevant
Underwood Intranet Pages. Introduction
lof a Contract Management
Handover Template
Otherwise stylistic.
In this guide “Post Office” includes Post Office Limited, Post Office Management Services Limited
and Payzone Bill Payments Limited.
POL00337622
POL00337622
Page 2 of 36
1. INTRODUCTION ss 2 << sceseeswewans ss 05021 sxneeeeqenieae va 151 004 seewewayenaassi0s1450 eeveveewamasesi tease 4
2 RELATIONSHIP MANAGEMENT AND PROCESSES ......cccssseeeeeeeseeseeeeeeeeeeesenteeeneeeeanee 6
2.1. Contractual landscape at Post OFFICE ........ecscceetteeeetteectteeeestteeeeneeeeetieeestteeeesiaaees 6
Zale — PIANMUNG swesnenes cecsesernnmensnmesness0sscesed volstnniaise ss susan vvsi(ommmwenls ssa sii os noieoueseensrsssisds 6
2.3. Onboarding and tenders
2.4. I Contract Management Team - Roles & Responsi
2.4.1. Responsibilities of the Contract OWNET .......:cscccessesececsssseeeeeeeceeeeeseseeeeeeneneeeseseeeeees 8
2.4.2. Responsibilities of the Contract MANa@Qer ........ceeeeceeeeeeeeeeeeneeeeeeneeseeeneeeneeneeeneeeeeene 9
2.4.3. Teams supporting the Contract Managers and Contract OWNEIS.........csseceeseeeeeee eens 10
2.5. I WEB3 - Digital Contract Management Tool .
2.6. I Assessment and Acceptance of Risk.
2.7. Contract Approval
2.7.1. AUthority to SIQM.....cccccceceeeeeeeeeeeee eee e eee etee eee eee ee EEE EAE H AH EEEE EEE EEEEEA HAE HH HEE EE EEE EE EERE EE 14
2.8. Execution of Contracts FIOWChArt ........ccccsecseeeeeseeeeseteaeeeeeeeseeneneessaeeeeeeseeeenenanes 15
2.9. Storage of Contracts
3. CONTRACT MANAGEMENT IN DETAIL.
3.1. Contractual Terms
32s RiSk MAMAQQMeMts sss ss scmwptnteraae a 58505150 comatepistammep 05354 5254 queiietianiones 64554 05 8 expecta nosis 17
3.3. I Developing Internal and External Relationships .............cccccssseeeeeueeeeeeeesseeeeeeennees 17
3.4. Payment and budgets
3.5. I Contract Review..
3.6. I Managing wider market issue:
3.7. Handling of contract changes
3.8. Manage Complaints and Disputes........:ccscccsceseessseeseeseseesseecseesseesseseseessseeeessaes 19
3.9. Escalation and reporting Of iSSUCS ........ccceseceeeeeeeeeeeeeee een eeeeeeneeneesaeeneeeneeeeeeneena ees 19
3.10. Contract close -out
3.11. Managing re-procurement
3.12. Final Performance Review..
Bade MAMAGING THAMSILIOMN « sstrctcmccmraisis sei su aac sstmorenmurniich ence ssi summnumnneisstees4 se eatenmmensianeu esses 21,
4. TOOLS FOR CONTRACT MANAGERG.......cccsseseeeeeseeeeeeesssaeeeeeuseeeeeeeeeeneeseaeneeeanesetes
5. THE FRAMEWORK CONTROLS AND GOVERNANCE
5.1. I Responsibility ..
5.2. Framework Approval.
Annex 1 - Control Standards
Annex 2 - Partner Management Guide ........cccesssseseeeeeeeeeeeeessseeeeeeeeseeeesessesauaueneneeeeeeneees 26
1. Overview
1.1. Partner segmentation
1.2. Due diligence
2.1.
2.2.
2.3.
3.1.
3.2.
3.3.
3.4.
35.
3.6.
POL00337622
POL00337622
Page 3 of 36
Partner Relationship Management (PRM) .........ssssseseseeeeeeeeeeeseeueeeeeeeseseeeeeseseeenneseee®
Why do we need to do partner management?
What PRM includes?
When does partner management need to happen?
Partner SEGMentAtionl s « scstxscistazaes «5543209 cecistasineaas 931055000 onppisiisiszuas oss5 00059 uesesisixeuas 100903 29
What is partner segmentation and when should it HAPPEN? .........cceeseseeeeeeeeeeeewereneeee 29
How to segment partners?
Description of segments
Partner Segregation Matrix .
Partner Segmentation Tool
Required Partner Management Activities
APPENDIX 1 - Detailed Supplier Management requirements and guidance ...........:.seee 36
APPENDIX 2 - IT Supplier Segmentation ..........ccsesecsseeceeeeeeeeeeeeeeeeeeeeeereeaenseeeneeeees 36
POL00337622
POL00337622
Page 4 of 36
1. INTRODUCTION
1.1. Purpose
The purpose of this Framework is to provide a clear and standardised management, risk and
governance framework that must be complied with in order for Post Office to manage its contracts
with suppliers and clients effectively.
A Supplier is a company that delivers services to Post Office, whereas a Client is any other
company that has a contractual relationship with Post Office e.g. where Post Office delivers
services or products. For the purposes of this Framework we will refer to Supplier and Clients as
being Partners.
1.2. Objectives
The Framework sets out the internal controls and operational standards to be adhered to.. Managing
contracts with Partners in accordance with the Framework will reduce the likelihood of the risks
associated with poor contract management from crystallising. Examples are provided in section
1.4..
1.3. The Scope
Post Office operates a decentralised contract management model with support from centralised
services such as Procurement and Legal. The Framework covers the entirety of contractual
‘lifecycle’ - from the establishment of the business case and confirmation of need, through to the
contract administration and relationship management and finally, contract close-out. The lifecycle
of a contract can be divided into three interdependent phases:
Phase 1 - Transition:
¢ Contract Award.
¢ Contract Classification, based upon value and risk.
e Assignment of Contract Management Roles.
e Finalise Contract Management Plan.
¢ Set up information management structure.
Phase 2 - Contract Management:
¢ Performance.
« Administration.
e = Risk.
« Extensions / Renewals / Variations.
Phase 3 - Close Out:
¢ Performance review.
« Lessons learnt.
¢ Close out / transition.
1.4. Benefits
Effective Partner and contract management is important. It enables Post Office to:
POL00337622
POL00337622
Page 5 of 36
¢ On-board new Partners in accordance with the prescribed processes designed to protect
Post Office from engaging with inadequate partners;
e Enter into contracts which include only acceptable and manageable risks;
e Ensure awareness of its rights under the contract;
* Bring the best outcomes to customers by evolving and developing new solutions with its
Partners;
e Ensure ongoing contract compliance and performance, reducing contractual risks through
robust contract management practices;
e Effectively deliver contracts at or under the agreed costs and rates and identify savings
and revenue opportunities throughout the contract management process;
¢ Efficiently exit and on-board replacement Partners to continue providing its products and
services with a minimum impact on customers;
e Ensure the probity of the ongoing procurement activities;
« Maximise outcomes to Post Office by ongoing management of performance - reducing the
likelihood of
o Disruption to the delivery of goods or services to the business;
© Disputes, contractual issues and exposure to potential claims;
o Reputational damage; and
o Negligent and fraudulent behaviour by employees and contractors.
e Ensure Contract Owners and Contract Managers understand their responsibilities in
relation to the contract management process.
1.5. Framework Overview
The Framework provides information on all the stages that a Contact Manager and Owner need
to consider when managing a relationship with a Partner. Detail on each of the stages is provided
in section 2 of the Framework.
POL00337622
POL00337622
Page 6 of 36
Zs RELATIONSHIP MANAGEMENT AND PROCESSES
2.1. Contractual landscape at Post Office
Post Office enters into a number of different contracts in the course of day-to-day business and
are one of the main tools used to manage its relationships with Partners. Supplier contracts are
particularly common given most products or services currently sold by the Post Office (with the
exception of Postal Orders) are white labelled (i.e. produced or belonging by another company)
and therefore to provide these products or services effectively, Post Office needs to work with its
Partners.
The following diagram illustrates some of the different types of contracts that Post Office may enter
into to cover the network of relationships it is party to:
Non-disclosure agreements — keep Post Office's information confidential
Data sharing agreements - allowing <n and protection of personal data between the various parties
i I
Client contracts/joint
supplier contracts ~ post Gaooaren cians
Ge Feca produets offs supoying products
‘Suppliers or services (most likely to 4
fulfil its obligations to the contracts with DVLA, Home. Partners (such
dients) Office or utility companies as FRES)
Employees contracts
allow Post Office to I Property
cotta th coe contracs slow
the services maintain physical
network
Network/agency
contracts - allow Post. <>
Office to provide products
and services to customers
TT contracts ~ provide IT infrastructure which allows Post Office's functioning
Contracts must be managed effectively at each stage of their lifecycle and across all
interdependent relationships with consideration of back to back protections as a contract cannot
not always be looked at in isolation.
2.2. Planning
Before Post Office enters into a relationship with a new Partner it needs to consider if that new
relationship is consistent with its strategic approach, needs and requirements. This analysis is
often carried out using a business case document or plan which is submitted to the appropriate
committees for approval. In putting together the business case, the relevant business area should
be addressing the following:
e Is the proposed relationship consistent and aligned with business strategy?
« What are the resourcing requirements under the contract?
« Is there existing budget to meet contractual commitments?
e What other criteria needs to be met i.e. IT, systems and processes, third parties/sub-
contractors?
POL00337622
POL00337622
Page 7 of 36
e Is it in the best interests of the company?
e Is the operational model consistent with the Post Office target operating model and
technologies?
« 0 Does a structured procurement process need to be followed in order to appoint the
Partner or to provide a supply chain to support the Partner?
It is important to note that only Post Office Limited is subject to Public Contract Regulations 2015
(PCR), whereas Post Office Management Services Limited (POMS / POI) and Payzone Bill
Payments Limited (PZBPL) are not. However, each of POI and PZBPL’s procurement and sourcing
policies will apply, and each group member should be following the best practice Standards and
Policies in Procurement established by the Chartered Institute of Procurement and Supply?.
Neither POI nor PZBPL can procure goods and services and on-supply them to Post Office Limited.
2.3. Onboarding and tenders
The procurement team assists with selection of the appropriate Suppliers to Post Office.
Supplier selection - is carried out during the procurement sourcing exercise and tender to
determine the capability and capacity to deliver the goods or services being procured. This also
includes due diligence to social value and social responsibility aspects.
Supplier due diligence - for data collection and compliance, checks are performed once the supplier
has been selected.
Supplier Code of Conduct - is included at selection and due diligence stages. It makes clear the
standards and expectations for an entity to be a supplier to Post Office.
Where Post Office is entering into a relationship with a Client, appropriate due diligence must be
carried out.
Partner Due Diligence:
e Partner screening - suitable, credible and have capacity to deliver.
e Monitor performance of the partner and ongoing financial screening (e.g. Dunn &
Bradstreet) particularly for IT suppliers and Insurers.
« Compliance with SLAs, KPIs etc.
e Pricing reviews.
In order to manage partners effectively, the Contract Manager should assign the partner to a
specific segment using the Segmentation Matrix and Segmentation Tool set out in the Partner
Management Guide (PMG).
Once the segment is assigned, the Contract Manager will be able to manage the partner via the
Web3’s Partner Management Module. This Module sets out various templates that the Contract
Manager can use to effectively manage the partner. For more detail on Web3, please refer to
section 2.5.
Public Contract Regulations 2015
Where Post Office Limited sources a supplier, it is highly likely that Post Office will have to follow
a structured procurement process under the Public Contract Regulations 2015.
*https://www.cips.org/knowledge/procurement-topics-and-skills/strategy-policy/procurement-policy-developmenta/standards-and-policies-in-
procurement)
POL00337622
POL00337622
Page 8 of 36
Any such supplier agreement with cost of over £25k, must be tendered under the Public Contracts
Regulations 2015 with assistance of the Procurement Team. This is to ensure that public contracts
are awarded fairly, transparently and without discrimination on the grounds of nationality and
that all potential bidders are treated equally. The Procurement Director is responsible for
overseeing Post Office’s procurements and ensuring that Post Offices purchase of goods, services
and works is in accordance with law and provides value for money. POMS supplier contracts should
be procured in line with the supplier Procurement Policy which can be found on POMS Procurement
Sharepoint page or through contacting POMS’ procurement team. In each case the Contract
Owner should seek help from the Procurement Team to run such process.
Demand Management Model
Some supplier agreements will be dealt with purely by the Procurement Team without
involvement of the Legal Team. The Procurement Team will be able to assess if the agreement
needs to be presented to the Legal Team for review. Where possible, pro forma Post Office
contracts are used. This will aid simpler contracting, approvals and contract management
processes.
2.4. Contract Management Team - Roles & Responsibilities
Post Office has created various roles of accountability and responsibility so that there are clear
lines for supervision and management of contracts.
There are two essential roles for managing contracts effectively; each role drawing on a range of
skill sets. These roles may be assigned to current employees with the correct skills and delegation
of authority:
Roles of Contract and Partner Management (Contract Management Tearr
Contract e Person accountable for the budget/cost centre that funds contract and
Owner the performance of the contract.
(CO) e Employee with delegation to approve contract payments and variations
« Appoints the contract management roles.
* Recommended to be a senior employee who is impacted by the contract
outcomes and is accountable for overall adherence to contract obligations.
Contract e Day-to-management of contract lifecycle from tender to exit.
Manager e Single point of contact for suppliers and partners on all contract matters
(cM)
e Monitor contract performance and compliance.
« Recommended to be a representative within the business unit with the
relevant skills.
e Perform administrative activities over the contract management lifecycle
(e.g. information management, cost control, etc.).
2.4.1. Responsibilities of the Contract Owner
The Contract Owner has the ultimate accountability for contract and partner management.
Responsibilities include:
POL00337622
POL00337622
Page 9 of 36
e Ensuring partner management activities are completed in accordance with the
Procurement Policy and other related polices;
e Identification of a Contract Manager and, if required, a relationship manager;
« For highly complex partner contracts, potentially identifying a team of Contract Managers
to effectively manage day to day and change activities; and
e Ensuring that proper partner management is in place throughout the relationship.
« The Contract Owner should consider the following when appointing the Contract Manager:
Does the contract need to be managed by someone with specialist skills and experience
i.e. resources should be tailored to the materiality, risks and opportunities provided by the
contract?
« Does the individual have the required experience, knowledge and authority for the role
given the contract classification and risk profile?
« Do they have enough time to carry out the role?
e Can the person carry out multiple roles?
e Are they willing to take accountability for the role?
e Do they have any private interests or relationships that may give rise to claims of conflicts
of interest (perceived or actual)?
e How the contract fits into the wider portfolio of contracts; and the staffing requirements
across material and strategically important contracts.
2.4.2. Responsibilities of the Contract Manager
Contract Managers (supported by the Contract Owner) play a critical role for Post Office. directly
overseeing contracts throughout their lifecycle. Serving as the liaison between companies,
employees, customers, vendors, and independent contractors means ontract Managers serve as
the main facilitators for negotiations, recommendations, record keeping, monitoring, change
management, and more.
Their responsibilities include:
« Providing a single overview/coordination point
on behalf of their business entity including where
this requires facilitation of other functions
e.g. Legal, Business Continuity, Information
Security, Procurement, Audit, Risk, Compliance
etc;
« Scoping out commercial terms in contracts
including for example services schedules,
pricing, SLAs etc;
POL00337622
POL00337622
Page 10 of 36
e Providing the Legal or Procurement Team with commercial and service terms that are
necessary to populate and complete a contract;
« Aggregating a single view of the supplier in terms of commercials and service delivery;
¢ Ensuring that the rights and obligations are complied with. Post execution, the Contract
Manager must complete the contract obligation sections so that rights and obligations can be
managed.
« Regular reporting on the performance and compliance of the contract to the Contract
Owner; and
« Where necessary, the swift escalation of any issues affecting Post Office to relevant
stakeholders.
In order for the Contract Manager to effectively carry out their responsibilities they must have:
e Appropriate skills (both specific contract management skills and more general commercial
awareness and expertise) with access to the relevant training and development;
« Accurate job descriptions, roles and remuneration are positioned at an appropriate level;
e Clear objectives and reporting lines with their performance managed through reviews
and appraisals;
« Appropriate delegated authority to manage the contract effectively;
e Detailed knowledge of the contract(s) they manage and other related issues, such as
service level agreements, value adds and ongoing supplier performance;
« Knowledge of the organisational governance, processes, risk structures and organisational
risk appetite; and
Annex 1 provides a detailed breakdown of responsibilities for the Contract Management Team.
2.4.3. Teams supporting the Contract Managers and Contract Owners
Finance Approver: A person who ensures any financial exposure under a contract is understood
and can be fulfilled by Post Office and approves such exposure, i.e. the relevant Finance Director
for the area in which the contract originates.
Procurement: A procurement category manager who supports the Contract Manager source the
right supplier, negotiate the best terms, assists with the management of contract changes,
market intelligence and management of suppliers.
The procurement team also:
e Assist with maintaining and updating the Partner Management Guide based on best
practice principles including updates based on information received from business
functions regarding change in policy, procedure or regulatory requirements;
POL00337622
POL00337622
Page 12 of 36
« Defines the appropriate application of the Partner Management guide to supplier partners
and the associated segmentation standards and terminology defined within the
Procurement Policy and related frameworks;
e Provides, where possible, best practice tools and templates for use by Contract Managers;
e Provides guidance, advice and support to employees and Contract Managers in the
appropriate implementation of the Partner Management guide and execution of associated
activities; and
« Support in the selection of a new suppliers and ongoing management of all suppliers, in
line with the Procurement Policy. For Critical and Strategic/High Risk suppliers, providing
contract management support. For all other types of supplier, providing ad-hoc advisory
support.
Legal, Compliance and Governance: A person who provides expertise for areas where the
contractual, legal or regulatory exposure is greater.
This person will also:
« Own, maintain and update the Partner Management Guide based on best practice
principles including continual updates based on information received from business
functions regarding change in policy, procedure or regulatory requirements;
« Define the appropriate application of the guide to Supplier and the associated
segmentation standards and terminology defined within policies and related frameworks;
« Provides, where possible, best practice tools and templates for use by Contract Managers;
e Provide frameworks and guidance on appropriate controls (including templates, FAQs and
training) to Contract Owners and Contract Managers.
e Provide guidance, advice and support to employees and Contract Managers in appropriate
implementation of the guide and execution of associated activities; and
« Support the negotiation of these instruments as well as any disputes which may arise.
Other business areas: In many instances other teams will need to provide feedback to the
Contract Manager. For example, the Communication and Marketing teams will be able to assess
if Post Office is able to fulfil any marketing related obligations prior to execution. It is crucial to
identify and then cooperate with any teams that may be affected.
2.5. WEB3 — Digital Contract Management Tool
The WEB3 system is the current web-based eProcurement platform which Contract Managers
(with support from the Procurement and Legal Team) must use to manage their contracts. The
tool is managed by the Procurement Operations Team, therefore any access queries should be
directed to contractmanagement@postoffice.co.uk. Benefits of using Web3 include:
e An integrated platform which captures the activities of a relationship with a Partner from
onboarding, due diligence, procurement activity, contract, relationship management and
transactional purchasing.
« Procurement and SRM modules which allow for interaction with Partners and the sharing
of documents and messages via a Portal.
e The facilitation of formal performance reviews and documented improvement plans
covering both operational issues and adherence to key contractual requirements, via the
POL00337622
POL00337622
Page 12 of 36
SRM Module. The management of Partners should be recorded via the Supplier
Relationship Management module (SRM) on Web3. This will create visible audit trials and
ensure a unified approach to partner management across Post Office.
* 360 degree visibility of Partner activity, enabling better decision making, the leveraging of
spend and reduction of risk.
« Standardised Post Office templates and processes which enable MI & Analytics to be
produced that are measurable and comparable.
« Supplier partners are able to manage their account information themselves, reducing the
risk of fraud. Partners can access their information at all times and have an audit trail of
all activity.
« Prompts, notifications and trigger emails alert Post Office employees and Partners to
activities that need to be done with an audit trail created of every action performed in the
system.
2.6. I Assessment and Acceptance of Risk
Risk Appetite: Post Office has specified its risk appetite in respect of contractual and operational
risks in existing and new relationships. Therefore, all employees at Post Office must act within
those defined levels in order to avoid unauthorised exposure.
In respect of legal and regulatory risk appetite, Post Office has set risk appetite which is revised
by the Post Office’s Board every year. The Risk Appetite Statement can be found on the Post
Office intranet - the Hub.
*Note: Litigation may result when the rights and obligations under the contract have not been
managed compliantly.
Legal Risk Notes: When dealing with contracts every
stakeholder should bear in mind the acceptable levels
of risk, to ensure that any risks accepted are not
greater than they should be. One of the tools that the
Legal Team will equip the Contract Manager and
Contract Owner with is a Legal Risk Note which sets out
the contractual risks and the mitigants. Contract
Managers should ensure that the mitigants are
regularly reviewed to ensure they are effective in the
management of the risks and remain
enforced/effective during the life of the contract.
Exceptions: Post Office acknowledges however that in certain scenarios even after extensive
controls have been implemented, a product or transaction may still sit outside the agreed risk
appetite. Therefore, if Post Office is going outside of the accepted approval processes, an
exception report (using the Risk Exception template) needs to be prepared and approved. For
more information on this process engage with the Risk Team.
2odx Contract Approval
In order for a contract to be approved:
e if the contract has been reviewed under the Demand Management Model: a commercial
POL00337622
POL00337622
Page 13 of 36
and legal summary prepared by the Procurement Team AND an approval from the
Procurement Team and other key stakeholders under the Demand Management Model?;
OR
«if the contract has been reviewed by the Legal Team: the finalised and agreed contract
AND a risk note prepared by the Legal Team, which needs to be provided to the Contract
Manager and Contract Owner; AND
efor all relevant contracts, initiated the Contract Approval Process via the eCAF App or a paper
CAF manually and; a contract record created on Web3
2.7.1. Authority to Sign
The Contract Approval process is to ensure the appropriate governance is followed and the
business does not enter into contracts that are outside of the Business Risk Appetite or are
commercially unsound. It also ensures that only colleagues with the appropriate level of
authority delegated to them by the respective Board or Chief Executive Officer/Managing
Director are agreeing to enter into Contracts that will ultimately legally bind the business.
The Contract Manager is responsible for this process and it can be completed in the following
ways:
o For Post Office Limited and POMS/POI: by submitting an online Contract Approval Form via
the eCAF App (Sharepoint - Team sites - Legal, Compliance and Governance - Company
Secretariat Team)
o For Payzone: by completing a Contract Approval Form and obtaining the relevant sign offs
For further information of the Approval process please visit the Company Secretariat intranet
page.
Contract Owner Within a company, the Board of Directors carries the ultimate responsibility for
the decisions made within its business. However, for practical reasons, the Board cannot make
every single day-to-day decision within a business itself. Therefore, each Company Board has
delegated its authority to its Chief Executive or Managing Director to enable the day-to-day
decision making process. The necessary Contract Owner for a contract is determined by Post
Office’s spend approval limits document, which may be found on the Decision Making page of the
Intranet.
3In some circumstances the Procurement Team will refer the contract to the Legal Team for further review,
POL00337622
POL00337622
Page 14 of 36
Contract Signatory. Although the Contract Approval
Form must be approved by a Contract Owner, the
contract can only be signed by someone who is an
authorised signatory for the business, which is a
different list of people from those with spend approval
authority as Contract Owners. The Company
Secretariat will arrange for an authorised signatory to
sign the contract in accordance with the Contract
Execution Policy. It is also important to ensure that the
Contract Owner for the Contract Approval Form does
not also sign the contract as this is a potential conflict
of interest.
For more information on how a Contract Approval Process or spend approval limits please see
Execution of Contracts Flowchart and Tools section.
2.8. Execution of Contracts Flowchart
Obtain required Complete the Contract Submit Contract Approval
information about your Approval Form Form to Approvers
contract, liaise with For Post Office Limited and Post For Post Office Limited and Post
relevant stakeholders and Office Insurance, complete via Office Insurance, approvals will be
ee EE oer a Cece
For Payzone, complete the word Progress may be checked in the TH
panne y PROGRESS section of the app.
For Payzone, tha form may be wat
slaned egned or approved vi
ae
contract, The contract should
the
Tevel details
Contract Execution by Submit Web3 Contract Contract Approval Form
CoSec Record for Approval approved by CoSec
Cates cteimcateitie nce CoSec has approved the for Post Ofice Unita and Pot
contract in line withthe Contra CCAP, the Contract Manager has 5 Office Insurance, your CAF will be
ee ae wth tne Contes QU iocking days to submit the Web? QUINN automatically sent to CoSec once
peseti pet dar 2 pela shr ‘Contract Record for approval. IF fully approved. For Payzone, once
perineal ery ot submitted within deadline, ‘your CaP i fully approved submit
ab CoSec wil reverse the approval to cose
‘and reject the CAF.
POL00337622
POL00337622
Page 15 of 36
29), Storage of Contracts
All contracts will be stored on the Web3 system and
hard copies? will be kept and managed by Company Web3 is the one source of truth
Secretariat meaning that all contracts will be stored
and logged on one central place. Access to Web3 will
be restricted at the appropriate levels to protect
commercial and legal sensitivities. CoSec team will
keep some historic electronic copies which have not
been uploaded to Web3.
Web3 will also ensure that key information is recorded to provide search capability, ongoing
contract management information and ensure documentation is retained and managed. All
supporting contract information is to be stored alongside each contract to ensure all relevant
information can be accessed in one place.
Contract Retrieval
All queries regarding hard copy contract retrieval and electronic copies of contracts which are not
stored on Web3 are to be directed to caf@postoffice.co.uk.
3. CONTRACT MANAGEMENT IN DETAIL
Post Office adopted a decentralised model of contract management whereby the relevant business
units are responsible for the management and performance of the contracts with support from
others such as Procurement and Legal. Contract Owners should ensure that a Contract
Management Team is created identifying the Contract Manager, relevant financial director,
relevant lawyer, procurement representative and other key stakeholders.
Contract Management Team
Developed early, specific to the contract, regularly reviewed and may differ for each contract stage
* Confirm the roles of Ensure that those involved Maintain clear
commercial function and in contracting have adequate documentation
other experts at each stage skills, knowledge and proven * Manage handovers from
* Produce clear competency for their roles procurement to operations
documentation outlining © Make sure that people and between commercial
roles and responsbilites understand their role and and operations
have sufficient training and
support
This should be proportional to the value, risk and complexity of the contract.. In general the
level of risk ina
SAll contracts should be executed electronically unless there is a particular reason why they cannot be (suchas the counterparty refuses or it isa
deed)
POL00337622
POL00337622
Page 16 of 36
contract increases the benefits of reducing such risk through a formal contract. This section of
the Framework sets out best practice to ensure that Contract Managers take a holistic view of
their contracts.
3.1. Contractual Terms
The Contract Manager has to ensure that provisions of the contract are suitable for the proposed
relationship and mitigate and protect Post Office’s position as much as possible. Amongst other
considerations, the Contract Manager should ensure:
« Contractual terms around termination, warranties and indemnities are understood and
monitored;
e Security and confidentiality terms are understood and monitored by the Contract Manager,
particularly where there are elements of the contract relating to confidentiality of personal
data; and
« Dispute resolution processes are in place, including agreed adjudication procedures,
mediation and arbitration.
« Any contractual changes during the lifetime of the contract go through appropriate Post
Office governance.
« Contract management processes from the initial contract signing, are reviewed annually
and continue to be fit for purpose over the lifetime of the contract.
3.2. Risk Management
This Framework supports the management of contractual risk. Controls and processes assisting
the management of risk include:
e Contracts should be in place with clear responsibilities and processes for mitigation, this
must include identification or who is best placed to manage that risk and supplier
involvement where necessary.
e Where appropriate LCG will have provided risk notes that will formally identify risks and
the Contract Manager should ensure these are monitored regularly and mitigating factors
are developed and implemented where necessary.
« Contingency and exit plans must be developed for material contracts in order to handle
Partner failure and are to be kept updated through the contract lifestyle.
3.3. Developing Internal and External Relationships
e Responsibilities of the Contract Manager and the Parter should be clearly stated and all
contracts should be in writing.
« The Contract Owner must ensure continuity of key Post Office’s staff as far as possible
throughout the lifecycle of the contract. Where this is not possible, the Contract Owner
should ensure effective and appropriate handovers are given via the Contract Management
Handover Template, which is available on the Contract Management Intranet page,
accessible via the Hub.
3.4.
3.5.
POL00337622
POL00337622
Page 17 of 36
Both regular formal and informal communication routes between the Contract Manager
and supplier should be open and used. The internal Contract Management Team should
use collaboration tools such as Teams to ensure communications between themselves and
other business stakeholders are effective and the stakeholders have sufficient oversight
over the process.
Management of contract performance should be well structured, ensuring baselines of
performance are understood by both parties. A Contract Manager must ensure that the
customer organisation provides the supplier with the information and contacts needed to
deliver the service.
The Web3 system will allow for clear contact points for service users both within the
supplier’s company and the Contract Management Team. End users of the contract should
understand escalation routes where there are disputes. Regular and routine feedback
should be given to suppliers on their performance.
Payment and budgets
Using Post Office contract templates will ensure that payment processes are well defined
and efficient. The Finance Team ensure that appropriate checks and authorisation
processes are in place for paying invoices.
Ensuring the contract has gone through the Contract Approval process with finance sign
off obtained will ensure that the costs of services delivered are mapped against budgets
and allocated appropriately
Contract Managers will ensure that where service credits are inserted into a contract, these
are well managed and governed appropriately.
Contract Review
The Contract Manager must regularly review the contract to ensure it meets evolving
business needs, and update where necessary using the appropriate change process.
The 4 main areas of measurement and focus during reviews should be:
= Cost control;
= Timeline control;
= Compliance with specifications/quality assurance/service levels; and
= Compliance with terms and conditions.
Where appropriate the Contract Manager should consider undergoing benchmarking
exercises to ensure value for money of existing services. These must be procured
compliantly via the Procurement team.
Where new services are being introduced over the contract lifecycle, the Contract Manager
should consult Procurement to see if they can be compliantly added to the scope of services
or if a new sourcing exercise is required. Where the change is material, Procurement will
work with the Contract Manager to negotiate the commercial and legal changes required,
POL00337622
POL00337622
Page 18 of 36
and ensure that there are processes to cover the introduction of new services and change
obligations are adhered to.
3.6. I Managing wider Market Issues
« Teams should ensure that processes are in place to review options surrounding outsourcing
or delivering services in-house. Emerging technologies and practices should be considered
and teams should be open to new opportunities.
« Contract debriefs should take place where appropriate after the conclusion of a contract
which the Contract Manager should feedback into future strategy development and new
procurement processes.
B22. Handling Contract Changes
* Processes must be in place that dictate the governance of contractual change i.e. who the
necessary approvers are, how it must be completed to ensure contract change is
completed promptly and effectively.
¢ Minor contract changes and variations must be dealt with in a cost and effort proportionate
way to the importance and value of the proposed change, seeking procurement advice to
ensure compliance.
e Detailed processes must be in place to handle material contract changes, including clear
approval mechanisms and accountabilities. Material changes to terms and conditions of a
contract are likely to trigger the need for a repeat of the Procurement activities and
tendering, Contract Approval Process. Contract Managers must always reach out to the
Company Secretariat when contemplating a contract change.
« Both parties must have a clear understanding of the arrangements for any extension of
the contract and related issues.
e Any contractual change must be carried out in accordance with the contractual terms set
out within the original contract, and departure from the terms setting out the change
process risks the validity of the amendment being made or gives rise to a potential loss of
rights or remedies available.
« Material contracts should be conformed annually within 30 days of the anniversary date.
3.8. I Managing Complaints and Disputes
Proactive and planned Contract Management can reduce the likelihood of disputes occurring.
Formal dispute resolution should be the last resort and appropriate actions should be taken by
the Contract Manager and Contract Owner to address issues as they arise.
The Contract Manager should always follow Post Offices internal procedures and the contractual
terms for managing complaints and disputes with suppliers and partners.
3.9. Escalating and Reporting Issues
Contract Managers should report and escalate issues or risks identified through the course of
Contract or Partner Relationship Management activities as required by the Post Office Risk
POL00337622
POL00337622
Page 19 of 36
Management Framework and any related policies. Contract Owners are ultimately responsible and
accountable for ensuring compliance with required Risk and policy reporting requirements.
3.10. Contract Close-Out
A contract can be closed out in a number of ways:
« When all obligations under the contract have been fulfilled;
« The contract expires or is terminated;
« The intention to complete an agreement has been frustrated by events beyond all parties
control; and/or
« All parties agree to end the contract.
The majority of contracts will close when they have been fulfilled or expire.
The Contract Manager must establish a clear ‘exit strategy’ at the outset of contract creation,
allowing Post Office to proatively manage contract exits and avoid disputes. An exit strategy
should establish:
* When, and under what circumstances, a contract can be terminated;
* What should happen to any remaining stock or supplies following termination;
« Whether any obligations should continue to apply after termination, such as obligations to
return or to pass data to a new supplier, or to cooperate with other practical arrangements
required to ensure business continuity; and
* How the costs of transition and exit are to be managed and allocated.
e Whether Post Office retains any assets, IPR, hardware or software licensing which must
be transitioned to a new provider.
« Aclear position on both parties TUPE obligations should be set out from the outset.
3.11. Managing Re-Procurement
Before a contract is completed or expires, the Contract Manager will need to assess whether there
is an ongoing need for the goods/services delivered under the existing contract. This assessment
should take place well in advance of (not later than 6 months) the scheduled completion of the
contract, because if the need is ongoing, a procurement activity will be required to execute a new
contract. This requirement is just as applicable when considering whether to extend the contract.
Further, for extensions / variations, these should be added to the existing Web3 record and will
require a new CAF.
The Contract Manager should consult with Procurement to set a predefined point at which to
commence a new procurement activity. This date should be based on the estimated time that a
procurement activity will take to execute a new contract plus any period for transition. This should
take place no later than 12 months prior to the exit or termination of the contract.
Where a Contract Manager deals with a Client contract, it is also crucial to ensure that Post Office
is aware of its exit obligations and manages the exit appropriately. Post Office must also ensure
POL00337622
POL00337622
Page 20 of 36
that it is prepared to enter into new negotiations for provision of the services to the Client. Good
planning is crucial in for winning business and contracts.
3.12. Final Performance Review
The objective of this activity is to evaluate supplier performance and provide feedback that can
be used as a reference for future work.
Prior to the close out of the contract, the Contract Manager should conduct a final performance
review. The depth and the details of the review process will vary depending on the contract. The
following should be taken into consideration as part of the review:
e Whether the contract achieved its objectives;
«The Partner's performance;
« Satisfaction of the users;
« Contract variations;
« Any disputes;
e Key Performance Indicators and Service Levels;
« Budget vs Actual spend;
e« Weaknesses in planning, managing and procedures; and
« Audit reports.
The benefit of having transparent KPIs will drive desired outcomes such as minimal time to
signature, minimal avoidable business risk, best possible value for contract agreements and
contract renewals, adherence to contract management processes and optimisation of contract
management processes and maximizing compliance. Therefore, performance targets (SLAs, KPIs)
should be regularly reviewed to ensure the KPIs remain relevant and meaningful.
3.13. Managing Transition
There may be a need for the goods/services to continue but with a different supplier. The
transition period from one contract to another can be a high risk period. It is the Contract
Manager's responsibility to develop a transition plan. The following aspects should be considered
when developing the transition plan:
¢ Identifying any specific differences between the current and future contract;
e Developing a new communications plan, identifying stakeholders, both internally and
externally, who may be impacted by the changes;
« Updating internal processes or procedures with any changes required under the new
contract; and
« Depending on the size and complexity of the contract, the transition period may take 12
- 18 months. This will consume a significant amount of time and resources (including significant
financial costs) and require ongoing management by the Contract Manager.
4. TOOLS FOR CONTRACT MANAGERS
POL00337622
POL00337622
Page 21 of 36
These section contains links to various to other resources available to Contract Managers.
Tool
Contact in case you need access
Owned or managed by
WEB3
Available through the Hub if a licence is
assigned
Access Form and user guides can be found
on the Source to Settle Hub Page.
https: //poluk.sharepoint.com/sites/POA
(00 1/procurement/SitePages/Web3.as
and CMF Intranet page:
lhttps://poluk.sharepoint.com/sites/Icg/SiteP
ages/Contract-Management-
Framework.aspx
Procurement Operations
Team
Assistance on Web3
functionalities via the
Contract Management
Team
The LCG Academy
https://poluk.sharepoint.com/sites/Icq/
SitePages/Legal,-Compliance-%26-
Governance.aspx
The Legal, Compliance
and Governance Team
Post Office Policies
https://poluk.sharepoint.com/sites/postoff
ice/Pages/policies.aspx
The relevant policy owner
fraudulent activity
Manager.
Report their su:
1 by telephoning
Grapevine on:
GRO
Speak Up service available on {GR
or via a secure on-line web portal:
http://www. intouchfeedback.com/postoffic
e
Post Office Group I https://poluk.sharepoint.com/sites/Icq I Company Secretariat
Spend Approval Limits I /SitePages/Contract-Approval- Team
Process.aspx?CT=1613478394298&0R
=OWA-NT&CID=78b0bfb8-ec96-2f99-
e799-257054d35674
Reporting dishonest or I Discuss the matter fully with their Line The Legal, Compliance
and Governance Team
Procurement team
https: //poluk.sharepoint.com/sites/POA001/pr
ocurement/SitePages/Home.aspx
Procurement Director
Demand Management
Model
https://poluk.sharepoint.com/sites/Icq/SitePages/Dem
and-Model-Management.aspx
Procurement Director and
The Legal team.
Partner Segmentation
Matrix and
Segmentation Tool
Contract Management Framework
Legal Academy
General Counsel
POL00337622
POL00337622
Page 22 of 36
5. THE FRAMEWORK CONTROLS AND GOVERNANCE
a Responsibility
The Framework sponsor responsible for overseeing this guide is the Group General Counsel of Post
Office Limited.
The Framework owner is the Group Legal Director who is responsible for ensuring that the Legal
Team conducts an annual review of this guide and tests compliance across the Group. Additionally,
the Group Legal Director and the Legal Team are responsible for providing appropriate and timely
reporting to the Risk and Compliance Committee and the Audit and Risk Committee.
The Audit and Risk Committee are responsible for approving the Framework and overseeing
compliance.
The Post Office Board is responsible for setting the Group’s risk appetite.
If you need further information about this Framework or wish to report an issue in relation to this
policy, please contact the Legal Team.
Committee Date Approved
POL R&CC
POMS R&CC
POL ARC
POMS ARC
Payzone Board
5.2. Framework Approval
Framework Sponsor: Group General Counsel
Framework Owner: Group Legal Director
Framework Author: Senior Legal Counsel & Paralegal
Next review: September 2022
Group Oversight Committee: — Risk and Compliance Committee and Audit and Risk Committee
Company Details
Post Office Limited and Post Office Management Services Limited are registered in England and
Wales. Registered numbers 2154540 and 08459718 respectively. Registered Office: Finsbury
Dials, 20 Finsbury Street, London EC2Y 9AQ.
Post Office Limited is authorised and regulated by Her Majesty’s Revenue and Customs (HMRC),
REF 12137104. Its Information Commissioners Office registration number is Z4866081.
Post Office Management Services Limited is authorised and regulated by the Financial Conduct
Authority (FCA), FRN 630318. Its Information Commissioners Office registration number is
ZA090585.
Payzone Bill Payment Limited is registered in England and Wales. Registered numbers 11310918.
Registered Office: Finsbury Dials, 20 Finsbury Street, London EC2Y 9AQ.
Annex 1 - Control Standards
POL00337622
POL00337622
Page 24 of 36
A minimum control standard is an activity which must be in place in order to manage exposure so that it remains within the defined
acceptable levels and Risk Appetite Statements. There must be mechanisms in place within each business unit to demonstrate compliance.
The minimum control standards can cover a range of control types, i.e. directive, detective, corrective and preventive.
The table below sets out the relationships between identified risk and the required minimum control standards in consideration of the stated
risk appetite:
Description of Risk
Who
responsible
Contract Not procuring contracts in I All non-compliant contracts must be reported as a risk up to the Procurement I Always
Award accordance with Public I Procurement Director, who in turn reports up to the RCC. Director
Contract Regulations means
contracts are being awarded I Engagement with Procurement from an early stage when procuring I Contract Always
non-compliantly by Post Office I goods and services Managers
Limited. Demand Management Module Procurement I Used when appropriate,
updated by Legal when
necessary
Ongoing training to the Procurement team and wider business Legal When required
Contract The company has entered intoa I Only the Company Secretariat can distribute contractual documents I Company Always
Execution - I legally binding contract or I for signature (including via e-signature software). Secretariat
Unauthoris I obligation without internal Ie Process: All contract signatures must be facilitated by the
ed approvals and independent Secretariat and supported by a relevant internal authority
signatories I oversight. evidenced in a contract approval form "eCAF" unless a written
signing exception has been agr eed by the Company Secretary (e.g.
contractual Employment Contracts facilitated by HR or Franchise Agreements
documents facilitated by the Retail).
,_ including « Assurance: The submission of an eCAF in accordance with the
electronical contract approval process will satisfy the delegated authorities
ly approved by the Board and maintained by the Company
Secretary.
« Oversight: Only authorised signatories who are not also
signatories to the relevant eCAF (to prevent a conflict of interest)
will be requested to sign contracts unless a written exception has I All
been agreed by the Company Secretary. Employees
e The list of authorised signatories is maintained by the Company
Secretary following Board approval.
POL00337622
POL00337622
Page 25 of 36
Training: Guidance on the company intranet page(s) is updated
regularly to provide the business with accurate information on the
contract approval and execution processes, including the authorised
signatories.
Company
Secretariat
Awareness: Twice yearly communications will be sent to all
colleagues to remind them about governance processes and
procedures, including authorised signatories.
Bi-annual comms plan
Contract A lack of understanding of how I Contract obligation mapping on Web3 will allow mapping of key I Contract Always
Manageme I to manage contracts efficiently, I deliverables or actions that each party needs to undertake to comply I Managers
nt knowledge of contractual I with the contract
obligations on each party,
impact to other areas within the
business and basic contract law I Central repository of contracts to ensure contracts and appropriate I Legal/Contra I Always
gives rise to risk of not meeting I additional information is accessible ct Managers
contractual obligations, being
unable to pursue action in event I Legal training to the business to improve their understanding of the I Legal When required
of breach or last minute I contractual obligations and impacts of contracts on other areas
resource drain when contracts I within the business
are suddenly about to expire or
need to be renewed. Developed house positions with playbooks that set out a range of I Legal To be used when
acceptable negotiated positions for the following contract types: appropriate, reviewed
supplier contracts, bill payment contracts, agency network contracts by Legal on an ad hoc
and employment contracts basis
POL00337622
POL00337622
Page 26 of 36
Annex 2 - Partner Management Guide
This Guide covers the following:
Overview
Introduction to Partner Relationship Management
Partner Segmentation - first step in identifying in-scope partners
Partner Segregation Matrix
Required Partner Management Activities
APPENDIX 1: Detailed Supplier Management requirements and guidance
DubWNe
1. Overview
Partner management encompasses all activities from inception of the requirement to
engage a partner through to the end of the relationship. Partner Relationship
Management (PRM) is the activity within partner management which allows the day-to-
day management of partner relationships once the partner is on board and providing or
receiving services. This guide focuses specifically on Partner Relationship Management,
but also provides an overview of the wider requirements of PM. It summarises Post
Office’s approach to managing third party relationships and their subcontractors with
effort prioritised on partners deemed Strategic/High Risk or Critical during partner
segmentation.
1.1. Partner segmentation.
The Strategic/High Risk segmentation may also include partners who:
Provide material services to the group;
Co-ordinate and deliver services across them;
Receive material services from Post Office; or
Co-operate with Post Office when providing services to others.
These partners, in particular, require a number of mandatory partner management, and
PRM activities to either allow Post Office to fulfil its obligations to its upstream
clients, or to ensure that Post Office is realising maximum profit. Such activities
also allow Post Office to comply with applicable legal and regulatory
requirements.
In most cases, for Strategic/High Risk and Critical partners, unless another relationship
manager has been appointed, the Contract Manager will be responsible for day-to-day
management of the relationship and for completing the activities required under this
Guide. They must be identified by an overall accountable business owner - the Contract
Owner - of the services being delivered who retains the responsibility for ensuring
appropriate ongoing partner management is in place.
1.2. Due diligence.
This guide outlines the mandatory and recommended activities that a Contract Manager
should complete in line with related policies and the group’s current view of best practice
and depending upon Partner Segmentation. For PRM, these recommended activities
include:
A list of Strategic/High Risk and Critical partners has been approved by the GE members.
2.
POL00337622
POL00337622
Page 27 of 36
Completion of annual due diligence on the Partner.
Monitoring of Partner performance to agreed SLA’s, KPI’s and contractual
obligations.
Management of agreed risks, issues, escalations and change control procedures.
Conducting annual strategic reviews plus other service development, innovation
and performance review meetings.
Completing annual audits, reviewing all obligations (including exit) and regular
security penetration and disaster recovery testing.
For suppliers - submission of a Monthly/Quarterly etc (as set out within the
contract) SRM Dashboard to Contract Managers for upload into Web3.
Adherence to a contractually agreed Partner Management Governance Model.
Partner Relationship Management (PRM)
2.1. Why do we need to do partner
management?
Post Office is dependent on a number of Partners to help us deliver market facing
services, revenue generating products or critical activities across our business. This
may be through direct outsourcing of services to them or via their provision of
goods/service to us which enables us to continue our critical business activities.
Post Office needs to be aware and manage their obligations, service levels and other
requirements so that it does not find itself in breach of contracts.
Post office is required by regulatory bodies and government authorities to carefully
manage those dependencies, thereby ensuring our critical business operations are
not impacted by loss or interruption of supply.
Good business sense dictates that Post Office should apply a similar level of rigour
to our higher risk or strategic third-party relationships, even if we are not obliged
to by an external body.
To obtain value for money from its partners and its contracts, and that those
contracts are continually aligned with strategic requirements.
Protection of Post Office reputation.
Formal partner management is not required for all partners, however this guide aims to
clarify those requirements and the basis on which they will apply.
2.2. What PRM includes?
At the highest possible level, good practice and regulatory guidance considers adequate
partner management should include the following activities:
POL00337622
POL00337622
Page 28 of 36
e Rigorous and compliant partner selection and contracting, including due diligence
on the potential partner;
e In thecase of suppliers, appropriate approval via the Procurement Sourcing Councils
to proceed with engagement of the supplier from suitably authorised and
accountable individuals within the organisation;
« Acclear plan implemented from the activities that will be in place to manage the
relationship and POL’s and the partner’s performance;
« An agreed set of controls and procedures to mitigate, manage and respond to
emerging risks;
e Clear roles and responsibilities defined for the performance of these activities and
ultimate accountable executives who can assure that these activities take place;
e Regular (in most cases annual) reviews of the partner to ensure it remains agoing
concern and to manage risk to the group;
« Sufficient exit management procedures at the end of the relationship to protect the
group’s interests and minimise the risk of disruption to business operations.
PRM is an integral part of overall contract management. It is concerned with the day to
day activities to manage and drive value from the relationship with the supplier once it
has contractually commenced.
This guide sets out the best practice Partner Relationship Management which enables the
group to obtain optimal value from the partnerships, leading to the following benefits:
e Compliance with contractual commitments;
« Service levels and quality of service expectations are met throughout the life of the
relationship;
« The delivery of optimal value from the relationship in financial and non-financialterms;
* The creation of successful relationships, shared objectives and facilitation of innovation;
« Gaining a holistic view of Partner experience, enabling delivery of key information
to a range of stakeholders, and allowing measurement on a balanced set of metrics;
2.3. When does partner management need to happen?
It is important to understand that partner management needs to happen at all stages of
a relationship:
Before selection: Developing and agreeing a suitable business case and justification for
using a third party versus in-house, justification for bringing a new service/product to
Post office, assessing the risks and benefits of all scenarios. In some circumstances,
regulatory or Partner approval may also be required.
During Partner selection: Treat potential Partners equally and without discrimination,
acting in a transparent and proportionate manner and compliantly in line with Public
Procurement legislation. Assess the potential Partner(s) ability to deliver or receive the
goods and services required, through proper due diligence and a rigorous selection
process.
POL00337622
POL00337622
Page 29 of 36
During contracting: Agreeing appropriate contractual protections, SLA’s/KPI’s. Planning
for implementation and transition including the identification of a Contract Owner and
Contract Manager.
During implementation: Agreeing and documenting the roles, governance and
necessary partner management activities that will be required from Day 1 of the service.
Through the lifecycle of the contract in the form of Partner Relationship
Management: Using Web3 and other tools provided across the business, conduct
partner reviews, monitor performance and annual due diligence where required.
At the end of the contract: Managing the transition of the service back in house or to
an alternative provider, or transition back to the Partner, ensuring risk to operations or
business is mitigated throughout the transition period. Ensuring the group assets held by
the Partner are adequately managed or disposed of as appropriate.
3. Partner Segmentation
3.1. What is partner segmentation and when should it happen?
Partner segmentation is the generic term for completing a risk assessment of a Partner,
using a range of pre-defined criteria and risk factors, ultimately determining if a Partner
is a Low, Medium, or Strategic / High Risk. Segmentation determines if the Partner is
also a Critical Partner. The identification of Strategic/High Risk and Critical Partners
through segmentation is essential in determining the correct levels of due diligence and
oversight.
Segmentation should be completed at the earliest possible point when a potential spend
requirement has been identified and at a minimum prior to on-boarding and contracting
with a Partner. The procurement team will assist with considering of multiple suppliers
during the selection process. Engagement with clients is normally driven by the type of
product or service that Post Ofice can provide to the clients.
3.2. How to segment partners?
The Partner Segmentation Matrix and Segmentation Tool should be used to correctly
segment Partners based on latest risk criteria.
The Segmentation Matrix consolidates various criteria agreed between cross-functional
working group and Post Office group companies, and provides an efficient way to complete
and document the segmentation.
The Segmentation Tool will assist the Contract Manager with assigning the correct
segment to each Partner.
Note: Please note that IT Suppliers are crucial to Post Office and a separate segmentation
process has been designed for them, please refer to Appendix 2.
3.3. Description of segments
UM PARTN
These Partners typically have agreements in place which are high value,
and/ or long term across multiple products and services. Often involving a
high degree of integration, and with access to considerable levels of
sensitive data.
POL00337622
POL00337622
Page 30 of 36
These suppliers are considered to be Critical to Post Office. See Segregation Matrix Table
1for the relevant criteria.
I. GOLD PARTNER
Partners categorised as ‘Gold’ will have contracts in place with a high value
=] across a 5yr term or longer. Whilst there’s a lower degree of integration
(compared to a Platinum Supplier) they will still have access to
considerable levels of sensitive data.
These suppliers are considered to be Material and Strategic to Post Office. See
Segregation Matrix Table 2 for the relevant criteria.
that is less than 5yrs. Partners are mainly connected to a single products/
service but may include a low level of integration, along with limited access
to sensitive data.
= Silver Partners have lower value contracts in place across a contract term
These suppliers are considered to be important to Post Office but do not pose an
immediate risk to Post Office’s’ ability to provide products/ services. See Segregation
Matrix Table 3 for the relevant criteria.
IV. BRONZE PARTNER
short term agreements (less than 3yrs). There should be no systems
C=] Considered to be more transactional products/ Services with lower value
integration, or access to sensitive data.
These Partners should not pose any genuine risk to Post Office's ability to provide products/
services. See Segmentation Matrix Table 4 for the relevant criteria.
3.4. Partner Segmentation Matrix - If any of the criteria are true, the classification
applies.
Table 1 PLATINUM PARTNER
Criteria Applicability
Business Continuity
e Supports critical infrastructure or business operations Supplier
« Supports the critical activities of the Post Office through the provision of Supplier
services of information
« Provides critical infrastructure to the business Supplier
« Providing the Client, or allowing POL to distribute services that are of I Partner
economic importance, are aimed at vulnerable members of the society or
are regulated
e Partner will have physical or logical access to Post Office systems or Data I Partner
(excludes intragroup entities, suppliers providing hardware or software only
« Supports the recovery of the business in the event of a crisis Supplier
Data Security
POL00337622
POL00337622
Page 31 of 36
e Partner will have physical or logical access to Post Office Customer Data. Partner
« Post Office will process significant amount of the Partner’s personal data. Supplier
Cyber / Information Security Risk Partner
e Partner will have physical or logical access to Post Office systems or Data
(excludes intragroup entities, suppliers providing hardware or software
only)
e Manufacture, support and/or administer multiple products across multiple I Partner
lines of business
« Comprise a formal outsourcing arrangement for the business itself as well I Partner
as products for resale
It is highly likely that Platinum partner will fulfil some criteria assigned to Gold Partners.
Table 2 GOLD PARTNER
Criteria Applicability
« Provides outsourcing of business functions and people including regulated Supplier
activities
«POL is providing services of economic importance such as Post Office Card Partner
Account, Biometrics.
e POL is distributing regulated products Partner
e Core services to POL such as mails products. Partner
e Total value or profit of the expected contract >£1m per annum (excl. I Partner
VAT) OR spend is >25% if
business unit's cost base
« Expected term of contract of 5 years or more Partner
« Potential for adverse reputational / brand impact - Major impact to brand I Partner
value/market share, adverse publicity, legislation or regulator breach
leading to fines, loss of revenue >£1m
« Revenue generation and creation of Intellectual Property (IP) - Partner
Direct contribution to creation of IP / market facing products or services or
integral to ongoing generation of revenue.
« Ability of POL to influence the selection of supplier or quality of I Supplier
goods/services received - Use of the supplier has been mandated* by
partner, customer and there is no ability to influence - Monopoly market
provider. [*Note this would be a breach of the law under PCR Regulations
but could potentially apply elsewhere within the POL Group.] 7
« Ease of implementation - Complex implementation effort requiring >6 Partner
months to complete and involvement of multiple business units.
e Ease of implementation - Complex implementation effort requiring >6 Partner
months to complete and involvement of multiple business units.
« Ability to switch suppliers once implemented - >6 months to transition I Supplier
away from the supplier and/or significant financial penalties and/or
organisational change
« Dependency on supplier - Highly dependent on single/niche/specialist I Supplier
supplier for bespoke services/goods; very limited - if any - alternative
supplier choice.
« Dependency on the client —There are no other clients who provide similar I Client
service, for example a lot of the government agreements such as Biometrics
POL00337622
POL00337622
Page 32 of 36
e Sanctioned / Politically Exposed Individuals or organisation - Partner
Supplier has known connections to a sanctioned individual or is a sanctioned
organisation.
e High Risk Geographies - Supplier’s geography of incorporation or Partner
significant operations rated “Amber” or “Red” on the POL Risk Register.
e Relationship may be exclusive Partner
Table 3
Criteria Applicability
e Nota core product Partner
e Total value or profit of the expected contract less than £1m per annum I Partner
(excl. VAT) OR spend is >10% if business unit’s cost base
e Potential for adverse reputational / brand impact - POL trademark is I Partner
used for a very specific purpose that is controlled by POL.
« Intellectual Property (IP) - IP stays with the party that created it Partner _
« Ability of POL to influence the selection of partners — POL has multiple I Partner
competitors in the area and the relationships are not exclusive. _
« Ease of implementation - Complex implementation effort requiring >6 Partner
months to complete and involvement of multiple business units.
e Expected term of contract of 5 years or less Partner
« Ability to switch suppliers once implemented - >3 months to transition I Supplier
away from the supplier and/or financial penalties and/or organisational
change.
« Dependency on supplier - Services/good can be sources from different I Supplier
sources and there is no dependency on the supplier.
« Dependency on the client - POL can bid for similar service with other I Client
clients such as in bill payment area. OR POL has other ways of accessing the
market.
Table 4 BRONZE PARTNER
Criteria Applicability
« Short term agreements or 12 months or less Partner
« Negligible spend or value. Partner
+ NoIT systems integration. Partner
« No dependency on the partner. Partner
* Consultancy agreement Partner
3.5. Partner Segmentation Tool
The Partner Segmentation Tool is designed for Contract Managers to correctly assign the
segment to each of the partners they are dealing with and the levels and types of
activities they should be carrying out in relation to that Partner.
Es]
Supplier and Client
segregation toolxls
3.6. Required Partner Management Acti
POL00337622
POL00337622
Page 33 of 36
e The Partner Segmentation Matrix and the Partner Segmentation Tool should be used
to determine the segmentation of the potential partner, and therefore the application
of the Framework.
e The following table summarises the partner management guidance for Partners
depending on their segmentation and overall risk level.
e A further good practice guide on the management of suppliers only sets out in detail
the various actions that Contract Managers should consider implementing is included
in Annex 1: Detailed Supplier Management requirements and guidance below.
All PLATINUM PARTNERS will have a Contact Manager and Contract Owner (in some
circumstances there will be an additional supplier manager) to ensure that the businesses have
single points of contact to each other. The Contract Manager is responsible for the following:
Action
Assistance/info/support
Engage procurement
commitment
prior to spend
Procurement team - procurement
Legal - contract (Consult the Procurement Policy
and engage as required)
Due diligence prior to on-boarding and
contracting
Procurement team - procurement
Identification of Contract Manager and
Contract Owner
The relevant business unit and follow directions
of the GE member (Delegated Authorities paper)
Ensure sufficient contractual provisions
Procurement team - sourcing
Legal - contract
Appropriate KPIs /SLA’s, which should be
approved by the relevant business area, for
example: services provided via branches
should be agree with the network
operations to ensure that the branchescan
handle performance
The relevant business unit, LCG, key
stakeholders including IT, DP, Risk, Network
operations, Procurement team - procurement,
etc.
KPI/SLA Monitoring
Contract Manager
Formal Control checkpoint prior to contract
signature
Procurement team - procurement
Company Secretary - governance
Relevant business unit
Handover: Contract Owner to Contract
Manager
Delegated Authorities paper
Annual Due Diligence
Contract Manager
Management of agreed risk, issue,
escalation and change control procedures
Contract Management team
Procurement and Legal - contract
Conduct annual strategic reviews plus
other service development, innovation and
performance review meetings
Contract Manager/Management team;
Procurement team - supplier management
The Legal team
Other key stakeholders as appropriate to the
service
For Outsourcing, completing annual audits,
regular Penetration and disaster recovery
testing, and submission of Qtrly SRM
Dashboard
Risk Team - Audit
Procurement Team - Contract
Legal Team - Contract
Information security
Business continuity
POL00337622
POL00337622
Page 34 of 36
Exit Management Business continuity
Procurement team
IT, relevant business unit. Network operations.
All GOLD PARTNERS will be allocated a Contact Manager and Contract Owner (in some circumstances
there will be additional resources to manage contracts) to ensure that the businesses have single
points of contact to each other. The Contract Manager is responsible for the following:
Supplier financial stability checks and I Procurement or Supplier Management Teams
Segmentation (SMT)
Templates provided via procurement teams
RACI - identify who is to be Responsible, Procurement Team or SMT
Accountable, Consulted, and Informed Ensure business stakeholder approves the RACI
Insurance check Refer to contract to see what the minimum
requirements are
Contract review and planning session - To I Risk Team - Audit
include strategic discussions in line with the I Procurement Team - Contract
long-term ambitions of the relationship Legal - Contract
Identify all reviews, audits and contract
requirements for the year ahead
Commercial review (market comparison) Procurement Team or SMT
Exit Plan Reviews (all elements of service) Legal
Remote due diligence (Service and MI check)I Audit Team
On site due diligence (Service) Audit Team
On site due diligence (IT & Data Security) Audit Team, LCG
BCP Testing/ Review of actions SMT
Risk Team - Audit
Procurement Team - Contract
Innovation workshop Procurement Team or SMT
Listen to the Supplier, look into Innovation and
Fin-Tech news articles
Supplier Review Meeting (face to face)
Review: Structure changes & Policy Updates
Remote due diligence (Complaints)
Supplier Review Meeting (con call, and face k Team - Aud
to face as appropriate) (Service Reviews in I Procurement Team - Contract
the IT supplier management) Legal - Contract
Business Stakeholder
Ensure delivery of contractual obligations
Identify and rectify non-compliance with contract
terms.
Review previous actions/ issues and document
future actions
Facilitate decision making & escalation
POL00337622
POL00337622
Page 35 of 36
Identify & manage key risks
Receive and review MI Reports Add commentary as required
Understand and address any under-performance
All will be allocated a Contact Manager and Contract Owner (in some circumstances
there will be an additional supplier manager) to ensure that the businesses have single points of
contact to each other. The Contract Manager is responsible for the following:
Upon any New Term / Renewal
Action Assistance/info/support
Commercial review (market comparison) Procurement Team or Supplier Management
Teams
Exit Plan Review (all elements of service) The Legal Team
On site due diligence (Service)
On site due diligence (IT & Data Security) LCG
Annual checks
Supplier financial stability checks and Sourcing or Supplier Management Teams
Segmentation Templates appended to this framework
RACI - identify who is to be Responsible, Sourcing or Supplier Management Teams Ensure
Accountable, Consulted, and Informed business stakeholder approves the RACI
Insurance check Refer to contract to see what the minimum
requirements are
Contract review and planning session Risk Team - Audit assistance
Sourcing - Contract assistance
Legal - Contract assistance
Identify all reviews, audits and contract
requirements for the year ahead
Remote due diligence (Service and MI check)
Remote due diligence (Complaints)
BCP Testing/ Review of actions
Quarterly
Supplier Review Meeting (face to face)
Review: Structure changes & Policy Updates
Monthly
Supplier Review Meeting (con call) Risk Team - Audit assistance
Procurement Team - Contract assistance
Please see example of Agenda within Supplier I Legal - Contract assistance
Management Web 3 Business Stakeholder
Ensure delivery of contractual obligations
Identify and rectify non-compliance with contract
terms.
Review previous actions/ issues and document
future actions
Facilitate decision making & escalation
Identify & manage key risks
Receive and review MI Reports Add commentary as required
POL00337622
POL00337622
Page 36 of 36
All BRONZE PARTNERS will be allocated a Contact Manager and Contract Owner (in some circumstances
there will be an additional supplier manager) to ensure that the businesses have single points of
contact to each other. This will promote and enforce consistent messaging across the relationship.
The Contract Manager is responsible for the following:
Action Assistance/info/support
Engage procurement prior to spend I engage Procurement team as required
commitment consult the Procurement Policy
Due diligence prior to on-boarding and I engage Procurement team as required
contracting
Ensure sufficient contractual provisions Legal - contract
Agree appropriate KPIs /SLA’s in place This is a recommended action
Formal Control checkpoint prior to contract Company Secretary - governance
signature
4. APPENDIX 1 - Detailed Supplier Management requirements and guidance
a
Detailed Supplier
Management requir
5. APPENDIX 2 - IT Supplier Tiering Model
om
IT supplier Tiering
model.docx