Supplier Homologation Policy
Purpose
To establish minimum criteria for the selection, evaluation, and maintenance of suppliers, ensuring that Syhunt ("the company") maintains business relationships only with trustworthy partners who meet legal, quality, and reliability requirements.
Scope
This policy applies to all suppliers of products and services contracted by the company.
Guidelines
1. Basic Registration
- Collection of registration information: legal name, business ID (CNPJ or equivalent), address, contacts.
- Proof of tax compliance (verification of basic tax-clearance certificates, when applicable).
2. Integrity and Compliance
- Verification of market reputation (references or business history).
- Checking public lists of sanctions and legal restrictions, when applicable.
3. Selection Criteria
- Proven quality of the product/service.
- Ability to meet agreed deadlines and quantities.
- Commercial conditions compatible with the company’s budget.
4. Approval
- Homologation is granted after document review and validation by the responsible purchasing/contracting department.
5. Review and Monitoring
- Suppliers may be reassessed periodically based on performance (compliance with deadlines, quality, service).
- Suppliers that show recurring issues may be disqualified.
6. Software Components and Supply Chain Security
- All third-party software components — whether open source or proprietary — used, compiled, or redistributed by the company are considered part of the supply chain and must be validated.
- Open source libraries and frameworks are subject to verification of authenticity, licensing compliance, and security posture.
- Proprietary or commercial components must be obtained only from trusted, official sources and verified for integrity before integration or redistribution.
- The company continuously monitors for known vulnerabilities, malicious modifications, or supply chain attacks affecting its dependencies, to prevent the unintentional distribution of malware or insecure code to clients.
- Any identified risk in third-party components must be promptly mitigated, replaced, or patched prior to distribution to customers.
7. Incident Response and Client Notification
- In the event of unintentional distribution of malware or compromised components through the company’s software, the company shall immediately initiate its incident response process.
- The company shall identify and map all affected end-clients with reasonable diligence and notify them in writing within a commercially reasonable timeframe, providing details of the incident, recommended remediation actions, and available patches or updates.
- Such notification shall be made in good faith and in compliance with applicable laws and contractual obligations. The extent of the company’s liability, however, shall remain strictly subject to the limitations and waivers set forth in the Syhunt End User License Agreement (EULA).
- The company reserves the right to take any additional corrective or preventive measures deemed necessary to safeguard its clients and operations.
Notes
- In the case of critical suppliers (those that directly impact operations), the assessment may include verification of technical capacity or a simplified technical visit.
- The company reserves the right to suspend homologation at any time in case of irregularities or identified risks.
