Official State of Rhode Island website

State of Rhode Island, Office of Accounts and Control, Department of Administration

Contracts & Third-Party Vendor Management

Contracts and third-party vendor management are central parts of risk management because organizations rarely operate entirely on their own. Whenever an outside party does work for the State, whether it’s a supplier, contractor, consultant, or cloud service provider, the State inherits new risks that need to be managed.

Contracts are not just legal formalities; they are risk-allocation tools. They clarify responsibilities, outline protections, and assign liability. The risk presented by a third-party vendor can be managed through: 

  • Indemnification: one party agrees to compensate or protect the other for certain losses.
  • Limitation of liability: caps the amount one party might owe if things go wrong.
  • Insurance requirements: ensures the vendor carries sufficient coverage (e.g., general liability, cyber liability).
  • Service level agreements (SLAs): define performance standards and remedies if the vendor fails to meet them.
  • Termination rights: allow an organization to exit a risky or nonperforming relationship. 

The State’s standard indemnification clause appears in the General Conditions of Purchase at Section 13.21. The General Conditions of Purchase form the basis of all contractual engagements and awards issued by the State. If agencies want to incorporate heightened or additional indemnification language, they should do so under the guidance and direction of their respective agency legal counsel, and that language must be included in either the related solicitation or supplemental contract documentation.

Agencies should proactively reach out to the Office of Risk Management (ORM) during the solicitation development phase of a procurement for advice on what risks the procurement may raise, what kind of risk management language should be included in the contract, and what insurance limits should be required from the vendor.

ORM assesses applicable insurance requirements for individual agency projects based on the parameters established in Addendum A to the General Conditions of Purchase. This process happens before an agency sends its requisition to Purchases to either post on its behalf or issue Purchase Orders (for non-competitive or exempt engagements).

Contact ORM if you are developing a solicitation or planning to contract with a third-party vendor.