Welcome to ForgeRock's Procurement Hub

ForgeRock strives for excellence in every aspect of its business and is committed to building a diverse and responsible supply chain. A responsible procurement policy exists to ensure the purchase of goods and services considers both the diversity of the supply chain and impacts on the environment whilst meeting our business requirements.

We welcome proactive engagement from both existing and prospective supply chain partners. Please use the [email protected] mailbox to issue any correspondence and we will respond in a timely way.

As a reminder to all existing supply chain partners, we know how important it is to get you paid on time and request all billing documentation is issued directly to [email protected] to ensure we complete payment on time.

Prospective supply chain partners

All new partners need to have an appropriate procurement review completed prior to contract. The review is focussed on ensuring ForgeRock are achieving value for money from the engagement, considering the diversity of the supply chain, impacts on the environment and completing an appropriate level of due diligence based around the level of risk and criticality of the service that you deliver to ForgeRock. As such, partners are requested to engage ForgeRock procurement at the earliest opportunity by sending an email to [email protected] where a member of the procurement team will respond.

To help new partners proactively consider some important areas to ForgeRock, there is further guidance detailed in the ForgeRock Expectations section below.

Existing supply chain partners

ForgeRock is committed to driving relentless improvement to the services we offer to customers and we encourage supply chain partners to approach ForgeRock with a similar mindset. On this basis, we request existing supply chain partners to proactively engage [email protected] with opportunities and improvement initiatives.

ForgeRock also requires supply chain partners to maintain the high standards that were evidenced during the onboarding due diligence where supply chain partners will be requested to complete periodic assessments, appropriate to the risk and criticality of the service, at least annually throughout the life of the contract.

ForgeRock Expectations

ForgeRock operates to the highest level of privacy, enterprise security, compliance, ESG and legal standards. On this basis, dependent on the level of risk and criticality of the service, supply chain partners will be required to adhere to the following:

  • ESG - complete the following questionnaire and declaration - ATTACHED
  • Enterprise Security - complete the Whistic assessment, provide appropriate assurance documents (SOC2, ISO27001 etc) and incorporate the following security addendum into the contract ATTACHED.
  • Privacy: DPA (for software providers) or SPA (for data brokers & event hosts)

This site provides ForgeRock's suppliers and partners ("Partners") with up-to-date guidelines on ForgeRock Procurement.

Please note that the legal documents referred to below govern the relationship between each Partner and ForgeRock. If you have any questions, we advise you to refer this page to your legal department.


Key Privacy Law Concepts

Do you need to refresh your knowledge of key privacy law concepts? If so, please click here.


ForgeRock Partner Service Terms

ForgeRock separates its Partners into two broad categories:

Marketing Services Partners

These are Partners who provide personal data to ForgeRock via services including data brokerage, content syndication, and marketing events.

ForgeRock's Expectation:

Partners should incorporate the Supplementary Privacy Addendum into Partner’s terms and conditions.

Supplementary Privacy Addendum

Click below to access the incorporating clause.

Incorporating Clause

Cloud/Technology Service Partners

These are Partners who access ForgeRock’s personal data to provide services to ForgeRock:

ForgeRock's Expectation:

Partners should incorporate the Data Processing Addendum into Partner’s terms and conditions.

Data Processing Addendum

Click below to access the incorporating clause.

Incorporating Clause

ForgeRock Partner Risk Assessment

If deemed appropriate by ForgeRock, a prospective or current Partner will be sent a confidential Third-Party Risk Assessment questionnaire ("TPRA") to establish security & privacy credentials.


ForgeRock Partner Vetting

As you would expect, ForgeRock shall comply with its global legal obligations by vetting each Partner’s corporate data for anti-bribery, anti-corruption, anti-money laundering, and anti-terrorism laws on an ongoing basis.