Supplier Requirements

Supplier Requirements Statement

One of the daily goals and challenges that LedaMC and Quanter set for themselves is the continuous improvement of their ability to provide better service and customer care.

To achieve this goal, LedaMC and Quanter have implemented an internal Management System based on the UNE-EN-ISO 27001:2022 Standard.

One of the requirements established by the Management System is the need to evaluate and select supplier, maintenance, and subcontracting companies based on their ability to meet the commitments they establish with LedaMC and Quanter.

In accordance with these requirements, we hereby inform you of our continuous evaluation and approval system for supplier companies, as well as the general and service-specific requirements applicable to your company:

Initial evaluation of suppliers, maintenance companies and subcontractors

  • Certification / Accreditation: Supplier companies whose products or Management Systems are certified by an accredited certification body will be positively valued. Suppliers are also evaluated based on the accreditations/qualifications they possess that enable them to perform their work.
  • Trial Period: All new supplier companies undergo a trial period consisting of up to three trial orders. Once these orders have been evaluated, LedaMC and Quanter will determine whether the company is suitable to become an approved supplier. After completing the trial period, the supplier will be moved into historical records.
  • Quality/Price Ratio: Supplier companies offering a good quality/price ratio will be positively assessed.
  • Trust in the Company/Service: Suppliers that have collaborated with LedaMC and Quanter for at least two years earn trust and demonstrate consistent service quality and respect for information security.

Continuous evaluation of suppliers, maintenance companies and subcontractors

Following the initial evaluation, LedaMC and Quanter conduct an annual reassessment of their supplier companies based on incidents and non-conformities associated with each supplier/subcontractor in relation to:

  • Service availability
  • Response to queries
  • Security incidents
  • Average student survey results (for training companies only)
  • Satisfaction of the training manager (for training companies only)
  • Service errors (for advisory firms only)
  • Delivery delays (for advisory firms only)
  • Confidentiality (for advisory firms only)

In accordance with the applicable standards and as a supplier, maintenance company, or subcontractor of LedaMC, we hereby inform you of the minimum requirements that apply to the provision of your service.

General requirements for service delivery

  • The supplier company commits to ensuring full compliance with the requirements specified in the purchase order or external work order.
  • At all times, the supplier company is required to comply with the legislation applicable to the service being provided (authorizations or registrations as an authorized entity, technical inspections, etc.).
  • The supplier company must apply the necessary preventive measures to avoid hazards or emergencies during the work, and must train and inform its personnel regarding the tasks to be performed.
  • The supplier company must comply with the internal procedures communicated to it regarding the company’s Management System.
  • If any risk or emergency situation is detected, it must be immediately reported to any LedaMC staff member or to the contact person managing the request. The following email address is available for this purpose: it_support@leda-mc.com

Requirements to be evidenced

  • Other Types of Supplier Companies: (External occupational risk prevention services, training companies, management firms, advisory firms, among others) Provide evidence such as NDA, personal data processing agreements as applicable to the activity, and ISO 27001 certification or other standards where appropriate.
  • Subcontractors: Before the start of the service to be provided, the company’s Management System Officer will indicate the documentation to be submitted or updated, depending on the nature of the work.
  • Supplies Providers: Technical product sheets, CE marking, warranty certificate, and certification according to UNE-EN-ISO 9001:2015 or other standards, where applicable.
  • Hardware and Maintenance Providers: Information on company backups, risk information relevant to LedaMC, and certification according to ISO 27001 or other applicable standards.
  • Cloud Service Providers: Security controls included in contracts or agreements, functions and responsibilities related to the cloud service provided, notification of service changes before deploying them to production, notification of potential threats or security incidents related to the cloud service, and service availability during migrations.