This IT Third-Party Management Policy is designed to help organizations establish requirements for managing the risk associated with vendor relationships. 

According to this policy, IT contracts must follow the contract selection, approval and renewal policies defined in the finance policy manual; the contract initiator should use the company contract checklist for all IT contracts more than $XXX; third-party service providers should have a signed master services agreement (MSA) with the company prior to beginning an engagement exceeding $XXX; company standard MSA templates must be used when feasible; and all vendors should be assigned a risk rating based on the criteria defined by the IT third-party management standard.