Outsourcing Policy

Credknow Solutions Private Limited

1. Purpose

This policy establishes a framework for identifying, assessing, approving, and monitoring all outsourced activities at Credknow. It ensures outsourcing supports strategic goals, service quality, confidentiality, and legal compliance.

2. Scope

  • All departments and functions engaged in outsourcing.
  • All third-party vendors, contractors, and service providers.
  • Outsourcing across functions like technology, compliance, KYC, marketing, etc.

3. Definition of Outsourcing

Outsourcing is the engagement of a third party to perform a business activity on behalf of Credknow.

  • Core outsourcing: Activities critical to Credknow’s operations (e.g., loan facilitation).
  • Non-core outsourcing: Support services (e.g., housekeeping).

4. Governance and Approval

  • Senior management must approve and formally document all arrangements.
  • Due diligence covers vendor’s reputation, security, compliance, and financial health.
  • Risk assessments are mandatory.
  • Outsourcing Committee may oversee significant contracts.

5. Vendor Selection and Contracting

Vendor Selection Criteria

  • Experience and capability in the service domain.
  • Compliance with data privacy and legal norms.
  • Good financial standing and legal track record.

Contractual Safeguards

  • Clear scope, performance standards, and SLAs.
  • Confidentiality, audit rights, and data protection clauses.
  • Defined exit strategy and BCP/DRP obligations.

6. Data Security and Confidentiality

  • Vendors must comply with Credknow’s data policies and laws.
  • Access is on a need-to-know basis with strict controls.
  • Data must be encrypted, monitored, and logged.

7. Monitoring and Review

  • Regular performance monitoring of outsourced functions.
  • Review of KPIs and SLAs.
  • Material breaches or delays must be reported promptly.

8. Business Continuity and Exit Strategy

  • Vendors must maintain BCP and DRP.
  • Credknow must be ready to transition services if needed.
  • Exit clauses must ensure smooth disengagement.

9. Regulatory and Legal Compliance

  • All arrangements must comply with laws and regulations.
  • Credknow retains ultimate responsibility for all outsourced work.

10. Recordkeeping

Maintain all relevant records (due diligence, contracts, audits) for at least 8 years or as required by law.

11. Review and Updates

This policy shall be reviewed annually or upon significant regulatory/business changes. All changes must be approved by senior management.

12. Conclusion

Credknow commits to secure and compliant outsourcing. This policy aligns third-party engagements with strategic goals while upholding resilience and stakeholder trust.