Name: SUPPLIER REQUIREMENTS

Owner: Hannu Tamminen Status: Approved

Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 1 (13)
Public

SUPPLIER REQUIREMENTS

Strategic Sourcing

Revision History

Version Status Date/Name Description of Change Approver

1.0 Approved 18/08/2017 First version published Tuukka Farin

2.0 Approved 02/12/2021 A following chapters were updated: Hannu Tamminen

1.1. Purpose and scope of document
3. Environmental, Social and Governance
(ESG) (3.1.-3.3.)
4. Quality
5. Production
6. Delivery (6.1. 6.2.)
8. Business (8.1.-8.3.)
A following new chapters were added:
2. Management responsibility (2.1.-2.5.)
7. Supplier Management and Purchasing
9. Reference documents

© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 2 (13)
Public

Table of Contents
1 Introduction .................................................................................................................................. 3
1.1 Purpose and scope of the document ..................................................................................... 3
1.2 Vaisala Supplier Code of Conduct ......................................................................................... 3
2 Management responsibility .......................................................................................................... 3
2.1 Business vision and strategy ................................................................................................. 3
2.2 Management reviews and continuous improvement .............................................................. 3
2.3 Management systems ........................................................................................................... 3
2.4 Management of records ......................................................................................................... 4
2.5 Product Life Cycle Management ............................................................................................ 4
3 Environmental, Social and Governance (ESG) ............................................................................ 4
3.1 Environment, Health and Safety (EHS) requirements ............................................................ 4
3.2 Business ethics ..................................................................................................................... 5
3.3 Labor and human rights ......................................................................................................... 6
4 Quality ......................................................................................................................................... 7
5 Production.................................................................................................................................... 8
6 Delivery ........................................................................................................................................ 9
6.1 Logistics and trade compliance.............................................................................................. 9
6.2 Packages and markings ...................................................................................................... 10
7 Supplier Management and Purchasing ...................................................................................... 11
8 Business .................................................................................................................................... 12
8.1 Finance ............................................................................................................................... 12
8.2 Risk management................................................................................................................ 12
8.3 Communication ................................................................................................................... 13
9 Reference documents ................................................................................................................ 13

© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 3 (13)
Public

1 Introduction
1.1 Purpose and scope of the document
The purpose of Supplier Requirements is to provide information of the global requirements Vaisala
has for its suppliers. In order to ensure the quality and consistency of purchased goods and
services, this document defines the guidelines of Vaisala- and Vaisala’s customers’ expectations for
suppliers regarding to management responsibility, environment, social and governance, quality,
production, delivery, Supplier management and purchasing and business. All these requirements
apply to all Vaisala suppliers when applicable in business of supplier. For more information, please
contact your Vaisala contact person.

1.2 Vaisala Supplier Code of Conduct

- The supplier shall commit to the principles of Vaisala Supplier Code of Conduct.

2 Management responsibility
Supplier shall have defined organizations with sufficient resources and described roles and
responsibilities.

2.1 Business vision and strategy

Requirement 1: Supplier shall have a good awareness of company status, its business environment
and a vision for future business objectives. Company strategy should regularly be reviewed and
updated to achieve defined future business targets.

Requirement 2: Supplier shall present the long-term investment and business plans to Vaisala
when requested.

2.2 Management reviews and continuous improvement

Requirement 1: Supplier shall have a documented management review practice at planned
intervals to evaluate the current business status, opportunities to improve, need of process/system
changes and target setting.

Requirement 2: Supplier shall have defined Key Performance Indicators for continuous monitoring
and related actions towards key strategic targets.

Requirement 3: Supplier shall have an active customer satisfaction program to evaluate customer
feedback and surveys, quality reclamations of products and services and on-time delivery
performance. Supplier shall take corrective actions and report on them.

2.3 Management systems

Requirement 1: Supplier shall have a management system for planning, managing, and monitoring
the quality of processes, products and services.
Requirement 2: Supplier shall have a documentation management system which controls the
classification of its business management documents including version history, document
© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 4 (13)
Public

distribution rules and document identification (e.g. unique document number or reference) and
document approvals.

Requirement 3: Supplier shall carry out the internal audits by qualified auditors according to
written procedures and action plans. Internal audit reports are systematically archived.
Management shall review audit findings, plan corrective actions and follow up the completion of
agreed corrective actions in efficient manner.

2.4 Management of records

Requirement 1: Supplier shall define classification and traceability of records. Supplier shall define
responsibilities to archive, maintain and dispose of the records. Repository and retention times of
records shall be defined.

2.5 Product Life Cycle Management

Requirement 1: Supplier shall have capability and monitoring system to manage product and
product families within entire product life cycle.

Requirement 2: Supplier shall have a documented procedure for product life cycle management.
Product life cycle statuses shall be reported to Vaisala on request.

Requirement 3: Supplier shall give early warning in an end-of-life situation and suggest a
replacement product.

3 Environmental, Social and Governance (ESG)

3.1 Environment, Health and Safety (EHS) requirements
Requirement 1: EHS management system

- The supplier has an EHS policy.

- The supplier has identified health and safety risks and environmental aspects.

- The supplier’s employees have the possibility to participate actively in monitoring and
developing health and safety.

- The supplier monitors and measures their environmental performance as well as EHS related
incidents and accidents regularly.

- The supplier has procedures for incident investigation and corrective actions.

- The supplier has regular internal EHS audits.

- The supplier trains all employees on relevant EHS matters.

- The supplier has defined waste management practices.

- The supplier has a written emergency response plan and preparedness procedures to manage
EHS risks associated with such emergencies.

Environmental certification in accordance with ISO14001 and health and safety certification in
accordance with ISO45001 is viewed favorably.
© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 5 (13)
Public

Requirement 2: Compliance management

- The supplier has a program or procedure in place to regularly identify and monitor
compliance with applicable EHS laws and other requirements.

- The supplier has required licenses and permits to run their operations (such as for air
emission, storage or use of hazardous substances, wastewater management, and waste
issues).

- The supplier complies with legislation restricting the use of certain substances when
applicable (such as RoHS, REACH, TSCA, Packing Directive, Battery Directive, etc.)

- The supplier is able to deliver environmental compliance data of purchased products or parts
according to Vaisala’s or Vaisala’s data collection partner’s request.

Requirement 3: Actions to reduce health and safety risks and to improve environmental
performance

- The supplier is able to demonstrate efforts and activities to reduce environmental impacts.

- The supplier has specified objectives, goals and plans to reduce the hazard risks.

- The supplier provides the employees with occupational health care and regular health checks,
adequate considering the nature of its operations.

- The supplier provides its personnel with necessary protective equipment.

3.2 Business ethics

Requirement 1: Ethical business practices

- The supplier has a Code of Conduct or a written Ethics policy and covers the ten principles of
the UN Global Compact.

- The supplier has procedures in place to prevent corruption and criminal activities, including
but not limited to bribery, excessive gift-giving, extortion, money laundering or
embezzlement.

- The supplier should not deliver to Vaisala any products or services that are from an entity or
a person subject to United Nations, European Union, the United States or other applicable
sanctions laws and regulations.

Requirement 2: Governance and legal compliance

- The supplier complies with all the laws and regulations of the countries in which it operates.

- The supplier has a system to control compliance with local labor laws, social security and
taxes.

© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 6 (13)
Public

- The supplier has a process in place to ensure compliance with internationally recognized
Human Rights standards, legislation and conventions (e.g., International Labor Organization
(ILO) Core Conventions on Labor Standards, Universal Declaration of Human Rights, the
International Bill of Human Rights and UK Modern Slavery Act).

- The supplier conducts regular internal audits of ethics practices in order to assess
conformance with compliance obligations.

3.3 Labor and human rights

Requirement 1: Compliance with labor and human rights

- The supplier has mechanism(s) in place to permit employees to report anonymously their
concerns related to labor and human rights, violations of the law or non-compliance with
company’s policies.

- The supplier prohibits retaliation against workers and other stakeholders (including those
that represent them) for raising concerns related to labor and human rights.

- The supplier conducts regular internal audits of labor practices in order to assess
conformance with compliance obligations.

- The supplier has established, documented, maintained and continually improved Corporate
Social Responsibility policy or program.

- The supplier has policies that prohibit forced labor and child labor, and the supplier has to
comply with the local minimum working age laws or the ILO standards. The supplier verifies
the ages of young workers.

- The supplier has written policies and guidelines to prevent discrimination in hiring,
promotion, equal pay, benefits, and training based on race, color, age, gender, sexual
orientation, personal opinions, gender identity and expression, ethnicity or national origin,
disability, pregnancy, religion, political affiliation, union membership, covered veteran
status, protected genetic information or marital status. The supplier has a formal, written
policy that clearly states a commitment to prevent physical and mental harassment and abuse
in the workplace.

- The supplier has a policy on regular hours and overtime that is communicated to all workers.
This policy must be in accordance with the applicable ILO standards and national laws and
regulations concerning maximum hours and minimum breaks and rest periods. In addition,
the supplier has a system to track working hours.

- The supplier has procedures in place to ensure all workers are paid at least the legal minimum
wage for standard working hours and that this wage is adequate to cover basic living costs
(living wage).

- The supplier provides all employees employment conditions in a clear and understandable
written form in a language understood by the employee.

- The supplier shall not use involuntary labor, including but not limited to forced, slave or
human trafficked labor. The supplier does not restrict workers’ freedom of movement, for
example, through the retention of personal identification or travel documents. In addition,
the supplier shall not use third party recruitment agencies or labor providers who provide
forced labor.

© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 7 (13)
Public

- If parts or products supplied to Vaisala by the supplier contain tin, tantalum, tungsten or
gold, the supplier must ensure responsible sourcing of these minerals and report to Vaisala
using the most recent RMI Conflict Minerals Reporting Template.

4 Quality
Requirement 1: Management system

- The supplier has a quality management system based on the latest version of ISO9001 or
equivalent.

- Products and services delivered for Vaisala meet AQAP2110 requirements when applicable.

- Products and services delivered to Vaisala meet ISO/IEC 80079-34 requirements (Explosive
atmospheres) when applicable.

Requirement 2: Planning and measurement

- Supplier has a documented product quality assurance plan for new product introduction.
Such product quality assurance plan shall include e.g. design reviews, design FMEA, test
plans, work instructions, process descriptions, inspection instructions, verification of
function, packing plan, and initial sample or similar elements.

- The relevant records of supplier’s product quality assurance plan shall be presented by
supplier to Vaisala on request.

- The supplier has control plans or equivalent to define means of controlling process stability
and output.

- The supplier identifies and monitors key metrics regarding output quality, adherence to the
agreement and overall performance.

- The supplier has quality metrics available.

- The supplier is committed to continuous improvement. The supplier continuously improves

process effectiveness and product quality.

Requirement 3: Process and change control

- The supplier has an existing systematic method to identify risks in manufacturing and service
processes (such as Failure Mode and Effects Analysis (FMEA) or equivalent).

- The supplier has documented procedures for change of process, product or supplier changes
(verification of done changes, e.g. First Article Inspection).

- As applicable, Configuration Management shall follow the guidelines of ISO10007 and

ACMP2100.

- Supplier shall ensure that no Counterfeit Material is used. Material source shall be traceable
to demonstrate this requirement.

© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 8 (13)
Public

- If changes are required, all change requests shall be communicated to Vaisala. This is because
product structures may have approvals and changes to these affect product certifications.

- All changes must be compliant with all original requirements. It is supplier’s responsibility
to ensure that also specific product or process requirements are fulfilled.

Requirement 4: Competencies

- The supplier has tools and procedures to ensure the fulfillment of the product and service
requirements of Vaisala.

- The supplier uses different quality tools, one of them being Eight Disciplines (8D) or similar
method (Possible tools: 8D, 5 Whys, Poka Yoke, Pareto analysis, FMEA, Control plan,
Statistical Process Control (SPC), other e.g. Design of Experiments (DOE)).

- The supplier has operator training plan and competence matrix for all equipment and
persons for basic training needs.

- Applicable workmanship standards:

o Printed circuit board assemblies shall comply with the requirements IPC-A-610. The
applicable revision is defined in the technical drawings, but the supplier may choose
to use the latest revision. The applicable product class is defined in the technical
drawings.

o Cable and wire harness assemblies shall comply with the requirements of
IPC/WHMA-A-620. The applicable revision is defined in the technical drawings, but
the supplier may choose to use the latest revision. The applicable product class is
defined in the technical drawings.

Requirement 5: Non-conformities

- The supplier has systematic (such as 8D) problem solving actions, root cause analysis,
corrective actions with verifications and preventive actions, and feedback to customer.

- If the supplier detects that historical deliveries to Vaisala could have non-conformities, the
supplier has to launch a recall and inform of concerned products by scoping the issue by item
codes and manufacturing time.

5 Production
Requirement 1: Capability

- The supplier identifies critical steps and resources.

- The supplier has applicable manufacturing technology and it is maintained and improved.

- The supplier has documented work instruction and basic description of each task, which are
available at the workstation and applied by operators.

- The supplier identifies nonconforming and suspected material and it has clearly dedicated
location for such material.
© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 9 (13)
Public

- The supplier has packaging and labeling instructions.

- The supplier ensures the storage and maintenance of Vaisala’s property when applicable.

- The supplier is technologically competent to support and attend Vaisala’s needs for current
and future products.

- The supplier has to provide all applicable product certifications if requested by Vaisala.

- The supplier has to have the capability to conduct technology transfers.

Requirement 2: Capacity

- The supplier is able to meet the agreed lead times.

- The supplier has to be able to present a capacity plan to Vaisala.

- The supplier has the ability to fulfill demand changes.

- The supplier has to be able to provide technical support for Vaisala.

- The supplier defines which measurement equipment and resource can be used for specific
measurement (separate instruction or mentioned in work instructions or control plans).

- The supplier has a calibration system for all measurement devices used for compliance
measurements, process and database, and the calibration environment of the supplier is
controlled when applicable.

Requirement 3: Traceability (applicable for all components used in Vaisala products)

- The supplier has a procedure to maintain traceability of its products and raw materials.

- The supplier’s main processes are traceable (to customer) either serial managed or batch
managed.

- The records are stored at least 15 years.

6 Delivery
6.1 Logistics and trade compliance
Requirement 1: Compliance with laws, regulations and standards

- The supplier has to comply with all necessary laws and regulations subject to international
border crossing. This covers, among others, export control laws and regulations (EU, US and
any other relevant country), customs and tax laws and regulations.

- The supplier is responsible for obtaining all licenses necessary by law or other requirements
for selling and exporting items in question.

- The supplier shall inform Vaisala of any re-export licensing requirements affecting the
delivered items.
© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 10 (13)
Public

- The supplier ensures the supply chain security and trade security are not limited only to the
supplier but cover also the possible third parties involved in a delivery chain.

Requirement 2: Logistics and trade compliance specific data.

- Logistics and trade compliance data is provided upon contract signing or as defined in price
list & logistics appendix (1). This contains but is not limited to the following data:

o Customs tariff code (Harmonized system HS with 6 or EU Common Nomenclature 8

digits)
o Export control classification number (ECCN), both EU and US, if item being
delivered has a dual-use designation.
o Weight
o Dimensions
o Hazardous material information for all modes of transport, (e.g. MSDS, Material
safety data sheet, UN number with package classes, Lithium battery test certificates)
o General country of origin per item
o Preferential country of origin when applicable and when requested by Vaisala, (ref.
EU 2015/2447 of 24 November 2015 and EU No 952/2013). EU suppliers to provide
with the supplier declaration.
- The supplier informs Vaisala of the address where the goods are shipped from.

Requirement 3: Shipment documentation

- The supplier is responsible for providing shipment specific shipping documentation in an

agreed manner upon delivery. The documentation includes but is not limited to invoice (or
proforma / commercial invoice when necessary), packing lists, country of origin certificates
(when applicable), waybill (copy or number) and MSDS for hazardous material when
necessary. The documentation must have relevant Vaisala purchase order references (e.g.,
purchase order number, item codes, item descriptions).

6.2 Packages and markings

Requirement 1: Packages

- The supplier provides packaging designed to prevent contamination, deterioration, loss or

any other likely damage during packing, shipping and warehousing. In packaging design,
relevant environmental and mechanical conditions need to be taken into consideration.
Selected packaging solutions must provide adequate corrosion, humidity and ESD protection
for the product.

- Vaisala’s package design and packing instructions have to be followed if separately requested.
This might be the case if the product will be shipped to the end customer in supplier’s
package.

© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 11 (13)
Public

- All packages which are aimed for European markets shall fulfill the European Union
packaging and packaging waste directive 94/62/EC. All packages have to fulfill EN 13428
requirements and one of EN13429-13432.

- Product and packaging design shall be done by optimizing packing and transportation costs
from the full delivery chain point of view.

- The packaging solutions for incoming materials minimize handling phases and difficulties
(e.g., during picking and lifting) in production.

- Dangerous goods and hazardous materials have to be packed, marked and transported
according to the applicable laws and regulations.

Requirement 2: Package markings

- All delivery and product packages shall have adequate handling and identification markings
for contents. Supplier shall mark their delivery packages according to Vaisala’s package
labeling requirements when requested (ref. document ID PI216268-D).

- All packages shall have material identification symbol for European and Chinese markets if
box has printings. Recycling symbols are mandatory for plastic items.

- All wooden material shall fulfill ISPM-15 requirements and be marked according to ISPM-15.
In addition, wood shall be bark free. More detailed information can be found from
International Plant Protection Convention (IPPC).

Requirement 3: Product markings

- Vaisala will define if product marking is required and what kind of marking is required. The
product code marking shall be on each produced item itself or its package. Product marking
will follow Vaisala’s marking instructions (ref. document ID PI218029-D) when
requested. Note that it’s preferred that marking is both human and machine readable (bar
code or 2D).

Requirement 4: Traceability

- The traceability marking shall be on each produced item itself and its package if applicable.
The supplier shall follow Vaisala’s marking instructions.

7 Supplier Management and Purchasing

- Supplier shall manage its suppliers according to a documented process.
- Supplier shall have a documented procedure for its supplier evaluation and approval.
- Supplier shall monitor the performance of its supplier using key performance indicators.
- Supplier shall ensure that all applicable requirements and contractual obligations from
Vaisala are transferred to its suppliers.

© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 12 (13)
Public

8 Business
8.1 Finance
Requirement 1: Compliance with financial requirements

- The supplier provides all necessary information related to financial assessment.

- The supplier is financially capable of supporting Vaisala’s needs for current and future
products.

- Vaisala’s required payment terms are Net 60 days.

- The supplier has to provide invoices and invoices’ data with all relevant data support for
accounting and border crossing purposes in international trade. This includes the ability to
provide transactional based invoices in an agreed manner (email, hard copy) for export and
import customs clearance purposes when applicable.

- The preferred invoicing method is e-invoicing.

8.2 Risk management

Requirement 1: General security and risk management

- Supplier shall have company management approved security policies and guidelines which
are reviewed on regular intervals. Supplier shall have a nominated resource defined for
security related matters.

- The supplier has a process to identify, evaluate and treat risks.

- The supplier has a business continuity plan that must contain contingency plans in the event
of significant accidents/disasters/key equipment failures/utility interruptions. This plan
should also allow for the safeguarding, storage and recovery of drawings, specifications,
tooling and other critical information and materials in the event of damage or loss.

- Vaisala has the right to audit the supplier.

- The supplier shall have a general and product liability insurance covering their services and
products supplied to Vaisala, and upon request, provide a certificate of such insurance.

- Supplier shall have a procedure to protect unauthorized access to its facilities and
confidential business information of Vaisala.

- Supplier shall have electronics access control system to the data centre and server room.
There shall be a sufficient fire protection and firefighting system for the data centre and
server room.

- Supplier shall have procedures for emergency situations such as fire or any natural disasters.

Requirement 2: Information security

- The supplier has information security and confidentiality controls in place, including but not
limited to information classification, access management, documentation retention,
contingency management (such as backups and malware protection) and encryption.
© Vaisala 2021
Restricted
 Name: SUPPLIER REQUIREMENTS
Owner: Hannu Tamminen Status: Approved
Created: 02/12/2021 Version: 2.0
Identifier: DOC237476 Pages: 13 (13)
Public

- The supplier has a procedure in place to identify and report information security incidents.
Vaisala has to be informed if an incident is anyhow related to Vaisala.

- The supplier has to have information security requirements used within subcontractors who
play a part in the supply chain of delivery of goods or services to Vaisala.

- The supplier complies with Vaisala’s Supplier Information Security Requirements (ID
260968)

- The supplier complies with applicable legislative, regulatory and industry data security and
privacy requirements such as EU General Data Protection Regulation (GDPR).

- Supplier has a background checking procedure for personnel in security critical positions.

Requirement 3: Product Safety, Security and Liability

- Supplier shall have a procedure to proactively communicate any potential product safety,
security or liability related issues to Vaisala.

8.3 Communication
Requirement 1: Communication with Vaisala

- The supplier appoints points of contact having organizational authorities to resolve any point
related to supply chain and the names and points have to be communicated to Vaisala.

- The supplier communicates timely and fact-based information for Vaisala.

- The supplier uses the supplier collaboration tool to communicate with Vaisala, if appropriate.

- The supplier uses the supplier web, if appropriate.

- When the customer representative changes, the supplier is responsible for updating contact
information for Vaisala.

- The supplier notifies Vaisala proactively if there are changes made that may have an impact
on the quality of provided product, raw material or service, including but not limited to
changes in ownership, manufacturing site, customer representative or financial state.

- The supplier has to provide agreed documentation in English.

9 Reference documents
PI216268-D: Package labeling - Procedure Instruction

PI218029-D: Product marking_General

ID 260968: Vaisala’s Supplier Information Security Requirements

© Vaisala 2021
Restricted