Synchrony Supplier Diversity
Supplier Diversity

Diversity makes us better. It’s that simple. Our cardholders and clients each have different and unique backgrounds, experiences and ambitions, and we’re looking for diverse suppliers to help us address them through innovative solutions. Supplier diversity helps us reach and enable new markets and customers across our business community. Diversity of background, experiences, thought and perspectives across an expanded supplier base not only drives creativity and innovation, but also makes us a stronger partner.


Our Commitment

We are committed to building and maintaining a diverse supplier base. We actively seek out certified and qualified diverse businesses to benefit our supply chain partners, our cardholders, our clients and Synchrony.

Synchrony Existing Supplier
Existing Supplier

Thanks for all you do for us! We’re here for you, too. Everyone has questions occasionally, so these tools and tips will help you navigate our Sourcing and Supplier Management processes.

Self-Service Tools

Steps for completing a Supplier Information Request Form (SIRF)
  1. Completing a SIRF requires MetricStream access. An email should be received by the contact provided to your company’s Synchrony Supplier Manager. Note: If an Information Security Assessment is also required you will receive TWO IDs and passwords, please take note to use the proper ID/Password with the correct system.
  2. SIRFs are required based on the risks posed by the product(s) or service(s) being provided by a supplier. Synchrony requires completion of questionnaires to assess your control environment. These tasks are known as SIRFs (Supplier Information Request Forms). An email notification will be sent when a SIRF is assigned for completion.
  3. Log into MetricStream using the username and Password provided. Once authenticated you will see a page with a navigation tab labeled “My Tasks.” You can also access your tasks/SIRFs from the top navigation– by clicking “New” in green or the “Past due” in red.
  4. Click on any of the links in the "My Tasks" list to display your SIRFs.
  5. Once the SIRF opens you will see a Pencil icon in the top right hand corner of the page. Click this icon to toggle the form into edit mode.
  6. All mandatory questions will be indicated with an asterisk.
  7. Attachments can be uploaded within the SIRF. Every question will have an attachment option.
  8. Once all questions are completed in the form, scroll to the bottom of the page and you will see a dropdown box labeled “Action;” select “Submit.”
  9. Lastly, in the upper right corner a green “check mark” replaced the pencil icon. Please select the green check mark to submit the form.
  10. If clarification is required after receipt of the responses, the SIRF will be reinitiated and will be in your queue once more. An email will notify you to return to the SIRF and comments will be made on the questions indicating additional information needed.
  11. Past due emails will be sent if the SIRF is not completed within the due date.
  12. If you wish to reassign the SIRF to someone else in your company, notify Synchrony at this email address:
Why do I have to answer a Supplier Information Request Form?

Synchrony is a regulated entity and is required to perform due diligence activities with the suppliers we engage. Having representatives from our Supplier organizations complete these questionnaires directly in our system ensures the most accurate information is provided, so we may assess Supplier Risk appropriately.

Does the internet browser I use matter?

Yes, please use Internet Explorer when you access MetricStream. If you do not have Internet Explorer you may also use Chrome.

First login

The first time when you create a new user ID, you may need to log out and login again for the credentials to work faster.

Can I attach supporting documentation?

Yes. You can attach supporting documentation for every question by leveraging the attachment box to the right of every question in your SIRF.

How can I change my password (all assessments except Information Security)?

You can change your password at:

Can more than one person from my company have access to MetricStream to complete the questionnaire?

Yes. Send an email to along with the First/Last Name of the individual and their email address. A new SSO ID and password will be sent to your colleague.

My name changed; can I update my name in MetricStream?

Yes. You can change your user profile details by logging into the registration portal - However the User ID will remain the same.

Will I have to fill out an assessment again?

You will be required to complete assessments periodically based a continued relationship with Synchrony

I cannot see my tasks even though my Supplier Manager indicates they should be present

If you cannot see tasks on the main page please check the "My Tasks" drop down icon at the top of the page. If they are not present in the top navigation, then please contact

I am a new relationship manager for the Synchrony account; what do I do?
  1. Please contact your Supplier Manager and alert them of the contact change
  2. You will also need to complete a new user registration, please refer to the ‘Registering a new account link’
  3. Once you complete a new registration, please contact so we can change the Engagement's primary contact and reassign any outstanding tasks/SIRFs
What is the next step after the assessment?

You will be required to complete assessments periodically based a continued relationship with Synchrony

I am getting an error message, which says “Not authorized to View”

This error message appears when someone else from your company has access to the assessment, but is not a registered contact for this engagement. We can help you set it right once you let us know the correct contact at:

Accessing Keylight

Access Keylight via

  1. Choose Standard Login
  2. Login using user credentials for Keylight provided to you by Synchrony
  3. Select your Company profile
  4. View the Questionnaire tab, then answer the questions for each section
What is a SIRF?

Stands for Supplier Information Request Form. It is a questionnaire used by Information Security to determine if a supplier has information security controls and best practices (e.g. NIST, PCI, ISO 27001) in place.

If we have questions about completing the questionnaire, who do we contact?

Send an email to or contact your Synchrony Supplier Manager.

How do we provide evidence or artifacts to demonstrate control effectiveness?

Suppliers can upload artifacts directly within Keylight Application or send documents using secure email (or Transaction Layer Security ((TLS)) if established with Synchrony).

Can more than one person from my company have access to Keylight to complete the questionnaire?

Yes. Send an email to along with the First/Last Name of the individual and their email address. A representative from the Third Party Security team will respond and send new user credentials to your colleague.

Do you have a problem? Let us know! Email Technical Support at:

Metric Stream

MetricStream is our GRC tool capturing all non-Information Security Assessments


Keylight is our Information Security Assessment Tool

Password Reset

Did you forget your password? Follow this link to reset it

Synchrony Become a Supplier
Become a Supplier

Do you have new and innovative products and ideas? Tell us about your company and your unique ambitions to partner with us by completing the below profile. We’ll review your profile for future sourcing projects and contact you if we see a fit.

Supplier Profile Form

  • Airplane
  • Camera
  • House
  • Phone
  • Tree
Your information has been sent successfully.
There was a submitting error, please try later.
Synchrony Our Supplier Management Program
Our Supplier Management Program

Our primary focus is to execute a comprehensive Supplier Management Program (SMP) that proactively identifies, mitigates, and manages risks associated with the use of third party suppliers delivering the best overall performance and complies with the many regulatory requirements in this area.


  • Read and understand our Supplier Code of Conduct
  • Comply with the spirit and letter of all applicable laws and regulations
  • Treat Synchrony’s customers fairly and with the utmost respect
  • Adhere to contractual responsibilities
  • Complete and return all Correspondence in timely manner

Appropriate to the risk and complexity of the engagement SOME or ALL requests may apply as part of Synchrony Risk-based Controls


  • Customer/cardholder interaction.
  • Services are subject to laws/regulations.
  • Sensitive data is shared.


  • Low exposure to operational loses.
  • Services are not subject to law/regulations.
  • No sensitive data is shared.