Welcome to the Novantra documentation.

Party Engagements

The Party Engagements module governs the relationships your organization has with external parties that perform work, process data, or supply goods and services. Where the Party module tracks party identity (the supplier’s name, address, contacts), Party Engagements tracks the governed posture of each engagement: the due diligence performed, the right-to-audit clauses agreed, the assurance reviews completed, the periodic service reviews, the outsourcing and subcontracting posture.

This module is the third-party-risk-management layer of the governance program. A supplier might exist as a party because they ship you screws. The same supplier becomes a party engagement when there’s a governed relationship that needs to be tracked — a master services agreement, a processor relationship, an outsourced service, a subcontracted process.

When you would reach for this

You set up party engagements when:

  • A supplier or service provider needs governed due diligence before contract signing.
  • A processor relationship (a third party processing your data) needs formal record-keeping for privacy or regulatory purposes.
  • An outsourcing arrangement needs governance: scope, key controls, transition state, exit plan.
  • A subcontractor chain (your supplier’s supplier) needs visibility for risk reasons.
  • Contracts include right-to-audit clauses that need to be tracked and exercised periodically.
  • Periodic supplier assurance reviews or service reviews are required by your program.

You don’t reach for this when capturing the party’s identity (that’s Party) or the contract document itself (that’s the DMS through Document Governance). Party Engagements is the governance posture of the engagement.

What lives in party engagements

Several record types work together:

Party engagement is the engagement itself. It carries:

  • A title and a stable key.
  • The provider party (the external party providing the service or goods).
  • An engagement kind (supplier, processor, outsourcing, subcontracting, joint-venture, professional-services, etc.).
  • A status walking through prospective, active, under-review, terminating, terminated, archived.
  • An owner (the responsibility assignment accountable for the engagement).
  • Engagement-specific snapshots capturing service scope, contract refs, key dependencies.

Outsourcing arrangement is a specialized engagement detail for outsourced operations.

Subcontractor record captures known subcontractors in your supplier’s chain.

Due diligence review captures a structured pre-engagement or periodic review of the party: financial standing, security posture, compliance posture, reputational checks, sanctions screening.

Right-to-audit record captures the right-to-audit clause’s existence, scope, last exercise, and next planned exercise.

Supplier assurance review captures a periodic assurance review of the supplier’s controls and posture.

Service review captures the periodic review of service delivery against the agreement.

A worked example: an apparel brand governs its global supplier engagements

A global apparel brand sources from many manufacturing partners across multiple regions, uses freight forwarders to move goods, contracts with dye houses for finishing, and engages audit firms for periodic supplier assurance work. Each relationship is governed. The supplier compliance director, Hana, sets up Party Engagements like this.

Step 1: register engagements per partner. For each supplier the brand has a governed relationship with, Hana creates a party engagement:

  • Manufacturing partner A: kind supplier, status active, owner the sourcing director.
  • Freight forwarder B: kind supplier, status active, owner the logistics director.
  • Dye house C: kind subcontractor, status active (subcontracted by manufacturing partner A).
  • Audit firm D: kind professional-services, status active, owner the supplier compliance director.

Step 2: due diligence at onboarding. For each new supplier, a due diligence review is created and routed for completion:

  • Financial standing check.
  • Code-of-conduct attestation.
  • Labor practices audit results.
  • Environmental compliance posture.
  • Sanctions and watchlist screening.

The review captures the structured outcome; an approved review is required before the engagement transitions to active.

Step 3: right-to-audit tracking. Master agreements with key suppliers include right-to-audit clauses. Hana records each:

  • The contract reference.
  • The audit scope the right covers.
  • The cadence allowed (typically annual).
  • The last time the right was exercised (or never).
  • The next planned exercise.

When the brand exercises its right to audit a supplier, the resulting assurance work becomes both a supplier assurance review and (if the supplier engages the brand’s audit firm) a separate professional-services engagement.

Step 4: periodic supplier assurance. Hana’s team runs annual assurance reviews on key suppliers. Each review captures:

  • Scope (which aspects of the supplier’s operations were assessed).
  • Methodology (the brand’s standard supplier assurance methodology).
  • Findings (specific gaps).
  • Action items.
  • Sign-off.

Findings raised by supplier assurance reviews flow into the brand’s main Findings register, with the engagement as the source.

Step 5: service reviews. Quarterly, Hana’s team runs service reviews on critical suppliers: did they meet SLAs, were there incidents, are there contractual issues to escalate. Each review is a record, with the engagement as the subject.

Step 6: subcontractor visibility. When manufacturing partner A engages dye house C as a subcontractor, the brand records the subcontractor relationship. This gives visibility into the supply-chain depth that wouldn’t otherwise exist.

After a year:

  • Every supplier engagement has its due diligence, right-to-audit, supplier assurance, and service review records.
  • Approaching review-due dates are surfaced for action.
  • Findings from supplier assurance reviews are tracked through the main findings register.
  • An external auditor (or the brand’s own board) can see the full third-party risk posture in one place.
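The checks the worked example relies on (an approved due diligence review before an engagement is active, and right-to-audit exercises tracked against their next planned date), as an added example that is not the product's code or API. The record shapes, field names, gap labels and the 30-day horizon are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Record shapes are assumptions for illustration, not the product's schema.
@dataclass
class Engagement:
    key: str
    status: str  # prospective, active, under-review, terminating, ...

@dataclass
class Review:  # a due diligence review
    engagement_key: str
    outcome: str  # assumed values: approved, rejected, pending

@dataclass
class RightToAudit:
    engagement_key: str
    last_exercised: Optional[date]  # None means never exercised
    next_planned: Optional[date]

def posture_gaps(engagements, reviews, rights, today, horizon_days=30):
    approved = {r.engagement_key for r in reviews if r.outcome == "approved"}
    closed = {e.key for e in engagements if e.status in ("terminated", "archived")}
    # Page rule: an approved review is required before an engagement is active.
    gaps = {(e.key, "active-without-approved-due-diligence")
            for e in engagements if e.status == "active" and e.key not in approved}
    for r in rights:
        if r.engagement_key in closed:
            continue  # kept for history, no longer an action item
        if r.last_exercised is None:
            gaps.add((r.engagement_key, "right-to-audit-never-exercised"))
        if r.next_planned is None:
            gaps.add((r.engagement_key, "right-to-audit-not-scheduled"))
        elif r.next_planned < today:
            gaps.add((r.engagement_key, "right-to-audit-overdue"))
        elif r.next_planned <= today + timedelta(days=horizon_days):
            gaps.add((r.engagement_key, "right-to-audit-due-soon"))
    return sorted(gaps)  # (engagement key, gap) pairs

# Constructed sample data, loosely following the worked example above.
TODAY = date(2025, 6, 1)
ENGAGEMENTS = [Engagement("mfg-a", "active"), Engagement("freight-b", "active"),
               Engagement("dye-c", "active"), Engagement("old-e", "terminated")]
REVIEWS = [Review("mfg-a", "approved"), Review("freight-b", "approved"),
           Review("dye-c", "pending")]
RIGHTS = [RightToAudit("mfg-a", date(2024, 5, 10), date(2025, 5, 10)),
          RightToAudit("freight-b", None, date(2025, 6, 20)),
          RightToAudit("old-e", None, None)]
```

Calling `posture_gaps(ENGAGEMENTS, REVIEWS, RIGHTS, TODAY)` on the sample flags the active engagement whose review is still pending, one overdue exercise, and one right that is due soon and has never been exercised; the terminated engagement is skipped.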

Engagement kinds

| Kind | Meaning |
| --- | --- |
| supplier | A goods or services supplier. |
| processor | A third party that processes data on the organization’s behalf. |
| outsourcing | A service operationally delegated to a third party. |
| subcontractor | A third party engaged by your supplier (typically tracked for visibility). |
| joint-venture | A formal joint-venture relationship. |
| professional-services | Consulting, legal, audit, advisory engagements. |
| agent | A third party acting on the organization’s behalf. |

Kind is free text; use what your organization uses.

What you’ll see in the product

Party Engagements lives under Governance → Party Engagements in the workspace.

Multiple top-level tabs: Engagements, Due Diligence, Right-to-Audit, Supplier Assurance, Service Reviews, Outsourcing, Subcontractors.

Inside an engagement, you see:

  • The provider party (with deep link to the party record).
  • The kind, status, owner, and snapshots.
  • Linked due diligence reviews, right-to-audit records, supplier assurance reviews, service reviews.
  • Linked subcontractors.
  • Linked risks (the engagement-related risks).
  • Linked findings (raised from supplier assurance and service reviews).
  • Activity history.

Every change is captured in the workspace Audit Log.

Common workflows

Onboarding a new supplier

  1. The party record is created in Party (basic identity).
  2. In Party Engagements → New engagement, set the kind and owner, with status prospective.
  3. Create a due diligence review.
  4. Once due diligence is complete and approved, transition the engagement to active.
  5. If the contract includes a right-to-audit, create the corresponding record.

Running periodic supplier assurance

  1. From the engagement, create a supplier assurance review.
  2. Capture scope, methodology, findings, action items.
  3. Findings flow into the main findings register.
  4. Review the engagement’s previous supplier assurance reviews for trend.

Exercising a right-to-audit

  1. From the right-to-audit record, mark the exercise.
  2. Conduct the audit (often through the Assurance module’s engagement workflow).
  3. Update the right-to-audit record with the exercise date and outcome.
  4. Set the next planned exercise date.

Terminating an engagement

  1. Transition the status to terminating, with a planned termination date.
  2. Capture the wind-down plan (data return or destruction, transition assistance, exit assurance).
  3. Once complete, transition to terminated.
  4. The engagement remains visible historically for audit purposes.

Looking for the API?

See Party Engagements API reference for the v1 REST endpoints to read engagements, due diligence reviews, and right-to-audit records from an external system.

  • Party - party identity (which the engagement references).
  • Risks - third-party risk is anchored on engagements.
  • Assurance - assurance engagements often target party engagements.
  • Findings - supplier assurance findings live here.
  • Document Governance - contract documents are governed there.
  • Controls - third-party-risk controls reference party engagements.