
Category Questionnaire

Is your MSA valid?


Term
Are all your SOWs valid?
Do you follow Change Process as designed in the contract?
Are changes which require modification to the Services being put
through the change control procedure and an applicable SOW is
amended (Critical Service levels - Targets, calculation, definition, fees
etc.)?
Change Control
Is the process change subsequently incorporated in the DPM and
approved by the client?
Are change requests submitted within contractual timelines?
Do you maintain Change Request log?
Are the charges as per the prevailing rate card?
Are invoices raised to the client as per contractual obligations?
In the event of any financial disputes, does the client raise it within
contractual timelines of its notification?
Are all the undisputed invoices paid by Client within 30 days?

Have we signed up a rate adjustment (COLA/CPI) on a yearly basis?

Fees / Payments
If yes, are the changes done?


Are the resources billable during Process training as per the contract? If
yes, is the billing done accordingly?

Is reduction/increase of UTP/FTEs as per contractual obligations?

Do operations submit Financial impact CRs to finance to be invoiced
within contractual timelines?
Does XXXX charge interest in respect of late payment fees to Client as
contractually agreed?
Does XXXX inform the client in advance (through email or weekly call
etc.) that there will be a change in the bill for the respective month for
any reason as per contractual obligation?
Minimum Monthly Charge
Do we follow a minimum billing criteria as agreed in the contract?

Are SLA Targets agreed as per the process signed in Contract? Baseline
period, targets, SLAs
Is waiver provided on misses due to events out of XXXX control?
SLAs SOW
Is Penalty for Service failure agreed as per the contract/change control
procedure?
Have we been facing SLA miss due to volume fluctuations?
Waiver
Is a waiver always obtained in writing and is event specific?
Does XXXX receive volume forecast from Client as agreed in the
contract?
Volume SOW
Do both parties inform any sudden fluctuation in volume in advance?

Are Quality Analysts aligned as per contractual agreement?


Do we have Quality Plans/parameters & Accuracy calculation
methodology?
Quality
If yes, are the QSDs and sample size signed off by the Client?
Do both the parties go through a Quality Assurance calibration activity
as per contractual agreement?
Quality

Are the quality scores reported to Client each month by XXXX?


Does XXXX each month in accordance with this Agreement submit the
agreed reports to Client?
Reports
Are any exceptions/delays/discontinuations signed off by the client?

Do production staff have internet access on XXXX network?


Do production staff have internet access on Client's network?
Internet
If yes, does it have Client approval?
Can client data/information/files be downloaded?
Is wireless network enabled on the production floor?
If yes, has the client approved it?
Connectivity / Network hardware
Is network traffic between Client & XXXX encrypted?
Do we have dual ports on the production floor?
If yes, has the client approved it? / Client sign-off on ITSDD
Do we raise/escalate System Downtime with Client as per contractual
timeline?
Is redundant equipment degaussed?

Are portable devices, writable media and recording devices (including
but not limited to laptops, CDs, DVDs, hard drives, tapes, floppies, flash
drives, USB drives, and/or cameras (including mobile phones with
cameras)) prohibited from being brought into the XXXX?

Are XXXX personnel allowed to connect any writable media or recording
devices to systems?
Are appropriate anti-malware tools used to ensure that malware (i.e., viruses,
spyware and other malicious software) is not present on user
workstations?
Are anti-malware tools updated on agreed frequency?
Is a personal firewall installed on user workstation?
Equipment
Are screen capture/logging and other recording mechanisms in
hardware or software allowed to be deployed on any desktops or
servers?
Is software and hardware used to subvert security controls or functions
allowed on any desktops or servers?
Are USB ports, floppy drives and CD/DVD-ROM drives on workstations
disabled?
Is a password protected screen saver installed and active on the
desktops of Supplier's systems?
Are there any exceptions granted with regards to camera/smart phone
usage in your process?
Are cameras used on the production floor?
Are workstations patched to address security vulnerabilities and
software currency?
Does XXXX conduct Information Security Awareness, COBEC, IMLI training
to new hire/existing personnel?
General requirements
Can Client Data be stored on XXXX server?

Is customer data in any format (paper or electronic) prohibited from
being removed from the physical and logical confines of XXXX?

Handling of Customer Data
Are you allowed to take printouts of the customer non-public data?

If yes, do you shred it as per contractual timelines?


Handling of Customer Data
Do you have a cross-cut shredder within the physical environment of
the process?
Is it shredded by contractually engaged personnel?
Is print screen access enabled?
Is the Client confidential information available only to XXXX personnel
who have direct need to know to provide services?
Is access to Client system revoked on removal of XXXX personnel?
Are Client regulatory audits in accordance with HIPAA/DPA etc.
guidelines?
Does the Client issue notice along with TOR as per contractual
timelines?
Assessments / Audits
Are Client Audit observations closed within contractual timelines?

Do we share internal Audit reports as per contractual timelines with the
clients?
Do Operations have a copy of all the applicable
act/laws/policies/procedures that they need to comply with? (German
Federal Data Protection Act)
Are we compliant with applicable laws and privacy laws?
Compliance
Do XXXX personnel go through any training/CBT pertaining to applicable
laws/policies/procedures?
If yes, is this as per defined frequency?
Is a report being maintained and/or published as per contractual
obligation?
Are Risk Assessments conducted on a periodic basis?
Risk
Have all highlighted risks been agreed & signed off by the client?

Governance
Do we have a Monthly/Quarterly governance forum with the Client to
discuss issues/escalations?
Have you developed any custom codes or scripts, custom reports,
training materials, documentation and other literary works or other
works of authorship for the client which become the
property of the Client?
Intellectual Property
If yes, is it being used exclusively for the Client?
Are documents being retained as per contractual agreement?

Document Retention
Are complete and accurate accounting records maintained for audit
purposes of this agreement and retained for stipulated timeframe (as
mentioned in MSA/SOW) in case of its termination/expiration?

Are you using Client trademarks/ logo/ information for
publicity/dashboards/internal meetings?
Publicity
If yes, do you have client consent?
Do we have any mandatory CBTs/Refresher trainings agreed with the
Client? If yes, are these being reported as per the agreed process? Are
we meeting the agreed completion %?
Trainings
Are the Training Manuals signed off by the Client?
Are XXXX personnel of a particular client shared with the Direct
competitor/Any other Client at XXXX?

Personnel
Have we agreed the list of Key Personnel/Ring Fenced Role?
Personnel
Is the client informed about the sharing of the XXXX Key personnel?

Are we following the eligibility of an employee as agreed in the
MSA/SOW?
Are background/Other checks carried out on XXXX personnel in
accordance with this agreement?
Are BGV/other checks as per agreement rechargeable to the client? If yes,
have the invoices been raised on a timely basis?
BGV
Do we conduct Drug Test for all XXXX employees on a regular basis?

Are all the XXXX personnel engaged in Client services eligible for
employment?
Do we share the BGV report with client?
Non-solicitation
XXXX does not solicit for employment (including as an independent
contractor) any officer, employee or independent contractor of the
Client?
Do you share premises with other XXXX customers?
If yes, is it in line with contractual obligations?
Is a monthly floor access report maintained?
Do we gain sign off from the Client for any exception (client visits/other
XXXX personnel visits)?
Physical
Is there a log maintained for all users who have been given access to the
Client floor on exception basis (one time - training/meeting) on any
particular day?
Is a client chargeable physical security guard stationed at the entrance
of production floor as per contractual obligation?
Have you relocated services to another location?
If yes, do we have client consent?
Is BCP testing conducted as per contractual obligations?
Has the recovery % and location been agreed and BIA documents
submitted within contractual timelines?
BCP
Is BCP awareness training conducted as per calendar and is the client
notified?
Has XXXX obtained an insurance as per contractual obligation?

Insurance
Has XXXX obtained general commercial liability insurance and statutory
employer liability insurance as per contractual obligation and submitted
evidence to client / can evidence upon request by the Client?

Has XXXX ever set up business as a competitor of Client?


Is XXXX using the same location/building for its competitor?
Non-competition
Is XXXX sharing Resources with the Direct Competitor?
If yes, has the Client approved?
Does XXXX provide similar services to any other Company who is a
competitor of the Client without notifying the Client?

Refurbishment of Equipment
Do we have a refurbishment timeline agreed as part of the Contract? If
yes, has the activity been completed as per the agreed timeline or do
we have a waiver in place? Who pays for the refurbishment?

Has the benchmarking clause been invoked?


Benchmarking
If yes, have you lost a process due to benchmarking?

Ops
Finance
IT
