7.1 Contractual/supplier risk management is in place with clear responsibilities and processes, identification of who is best placed to manage risk, and supplier involvement where appropriate.
7.2 Risks are formally identified and monitored regularly, with mitigating actions developed and implemented where possible, and 'obsolete' risks removed from consideration where appropriate.
7.3 Escalation and reporting routes are in place for risk governance.
7.4 Contingency plans are developed to handle supplier failure (temporary or long-term failure/default); exit strategies are developed and updated through the life of the contract.