TS-RDC-03 - Due-diligence on delivery partners

TS-RDC-03 Trust & Stewardship Risk, Data & Compliance CORE Compliance v2.9.7

Due-diligence on delivery partners

This criterion assesses whether the organization conducts proportionate, risk-based due diligence on delivery partners, sub‑grantees, and implementing agents. It covers verification of identity, legal status, governance, financial controls, competence, safeguarding, and data protection. It requires explicit go/no-go gating, operational AML/CTF controls, and a risk-tiered monitoring system to protect funds, beneficiaries, and reputation in line with Islamic values.

UK Charity Law

The Essential Trustee (CC3) (Proper use of funds)
Charities and Risk Management (CC26) (Embed partner risk assessments)
Internal Financial Controls for Charities (CC8) (Segregation, approvals, evidence)
Compliance Toolkit: Protecting Charities from Harm (Ch.2 Due diligence)
CC9 Speaking out: guidance on campaigning (Political activity rules for partners)
Safeguarding and protecting people for charities and trustees (Set safeguarding expectations for partners)

ISO Standards

ISO 37001 — Anti-bribery management systems (Cl. 8.2-8.3)
ISO 37301 — Compliance management systems (Cl. 8.2)
ISO 9001 — Quality management (supplier eval; Cl. 8.4)
ISO 31000 — Risk management — Guidelines

Excellence Frameworks

Other Regulatory

Related Criteria

TS-RDC-01 Multi‑scenario financial stress‑testing documented TS-RDC-02 Complaints & whistle-blowing mechanism TS-RDC-04 Serious-incident reporting & escalation TS-RDC-05 Cyber-security baseline (NCSC Cyber Essentials – UK) TS-RDC-06 GDPR accountability & DPIA log

Version

2.9.7 2025-11-05

Discussion (1)

Administrator 2026-03-07 11:07:50.777058

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json

Back to Criteria

Unite

Empower

Serve

About

Due-diligence on delivery partners

Related Criteria

Discussion (1)