Vendor Management Policy

The Vendor Management Policy defines how third-party vendors are engaged, authorized, and supervised while performing work in GridColo facilities. Data centers depend on a network of specialized service providers — from electrical and mechanical contractors to security firms, cleaning staff, and IT integrators. However, uncontrolled vendor activity can threaten safety, disrupt customer operations, and compromise security. The objective of this policy is to ensure that all vendor activity is coordinated, documented, and subject to consistent standards of safety, quality, and accountability.

This policy applies to all vendors and service providers engaged by GridColo itself, as well as vendors engaged by customers to perform work inside their allocations. It covers facility contractors (e.g., electrical, mechanical, janitorial, security), equipment suppliers, IT integrators, auditors, and consultants. It applies across all Security Levels (1–4) and in all operational areas, including docks, staging rooms, data halls, cages, mechanical/electrical spaces, roofs, and exterior plant yards.

Vendors are welcome partners in GridColo operations, but their activities must be controlled and predictable. All vendor work requires advance authorization, proper credentials, and compliance with GridColo's safety, access, and work rules. Vendors are accountable not only to their direct client (GridColo or a customer) but also to GridColo Operations for conduct while onsite. No vendor may perform work that affects shared infrastructure or other customers without GridColo's explicit approval and oversight.

Vendors engaged by GridColo undergo a prequalification process that evaluates safety record, insurance coverage, technical competence, and references. Minimum insurance requirements include commercial general liability, workers' compensation, and professional liability (for design or consulting services). Vendors must agree to comply with GridColo policies and provide training records for their personnel as required. Customers are expected to apply similar diligence when selecting vendors to work within their allocations and must disclose vendor identity to GridColo prior to engagement.

Vendors must be credentialed in accordance with the Credentialing & Identification Policy. Permanent vendor staff receive

All vendors must complete a site safety orientation before beginning work. This includes emergency procedures, muster points, PPE requirements, and reporting channels. Vendors engaged in high-risk work (e.g., electrical, mechanical, hot work, or roof access) must demonstrate specialized training and certification consistent with OSHA, NFPA, and local code requirements.

No vendor may perform work without proper authorization. Facility-level work requires a Method of Procedure (MOP) or Standard Operating Procedure (SOP) approved by GridColo, in accordance with the Change Management & Work Authorization Policy. Vendors working within customer cages require customer sponsorship and may only operate within those allocations unless separately authorized by GridColo. Unauthorized work, even if minor, is strictly prohibited.

Vendors must designate a supervisor or point of contact for every project. The supervisor is responsible for ensuring compliance with this policy, maintaining communication with GridColo staff, and intervening if unsafe conditions arise. Vendors engaged by customers must remain under customer supervision at all times; vendors engaged by GridColo will be monitored directly by GridColo Operations. Vendors may not leave subcontractors or temporary workers unsupervised.

Vendors are expected to maintain professional behavior at all times. Loud conversations, horseplay, and disruptive activity are prohibited. Vendors must respect other tenants' privacy and must not observe, photograph, or discuss neighboring equipment. Vendors must also respect GridColo's noise, cleanliness, and housekeeping rules, as outlined in the Data Hall Etiquette Policy and General Rules & Regulations Policy.

All tools and equipment brought onsite must be safe, properly maintained, and compliant with OSHA standards. Hazardous materials may not be introduced without approval under the Environmental & Hazardous Materials Policy. Packaging debris, cardboard, wood, and other combustibles are prohibited in data halls and must be removed in staging areas. Vendors are responsible for their own equipment and must remove it promptly after work is complete.

Use of subcontractors must be disclosed and pre-approved by GridColo. Subcontractors are held to the same standards as primary vendors and must be individually credentialed. Primary vendors remain fully responsible for the conduct and compliance of their subcontractors. GridColo reserves the right to reject subcontractors or limit their scope of work based on safety or operational concerns.

Any accident, injury, near-miss, or unsafe condition involving vendors must be reported immediately to GridColo Operations. Vendors are responsible for cooperating in investigations, producing relevant records, and implementing corrective measures. Vendors may be held liable for damages caused by their personnel, including costs of remediation, downtime, or regulatory penalties. Customers who sponsor vendors may also be held accountable for vendor actions.

All vendor activity must be coordinated through GridColo Operations. Scheduling is required for dock usage, equipment deliveries, and high-impact work. Vendors must remain reachable during their time onsite and must check in and out with security or operations staff. Changes to scope, timing, or personnel must be communicated promptly.

GridColo monitors vendor performance, safety, and compliance on an ongoing basis. Vendors who demonstrate consistent quality and adherence to policies may be prioritized for future engagements. Vendors who repeatedly violate requirements may be suspended, removed from the approved vendor list, or permanently barred from all GridColo facilities.

This policy is effective upon publication and remains in force until replaced. GridColo may amend the policy at any time to reflect evolving best practices, regulatory requirements, or operational lessons learned. Customers and vendors will be notified of substantive updates via the customer portal and official communications.