Best Practices on Managing Vendor Risk

Management of vendors  often involves :-

  • Signing a contract and on-boarding vendor

  • Review of vendor engagement financials

  • Management of boilerplate contracts

  • Review your insurance policies – to ensure that the vendor is part of your business continuity plans

  • Vendor Risk Management

Due-diligence Vendor risk management involves due-diligence as well as information security due diligence, before engaging. You can do this by sending questionnaires or going on-site searching for the best vendor-managed inventory on Information Transport Your security department must inspect how information is sent between you and the vendor. 

Image source: google

It is better to have an automated process because there are many aspects to be aware of when managing vendor risk. An inefficient manual process can cause communication gaps, make it difficult to manage vendor risk and force you to take a siloed approach.

Monitoring and managing SLA

A relationship manager can monitor vendors to ensure they deliver on time. This is only part of vendor SLA management. It is also necessary to have a way to keep track of all activities. This can be done manually, for example. This could pose a risk if you have word documents or a spreadsheet that is stored in a folder on someone else's desktop.

In short, efficient vendor risk management involves:

  • Know the risks that the vendor poses to your company.

  • Centralizing vendor controls assessment processes so everyone has one place to conduct assessments.

  • Automating vendor controls assessment so everyone uses the same process.

  • A central repository for remediation efforts that everyone can access to see the current status of their efforts.