Project Description

Request a Demo

Vendor Due Diligence Checklist: How To Select A Third Party


What is Third Party Vendor Due Diligence?

Vendor due diligence is the process of assessing and evaluating third parties against a set of specific criteria. Thorough vendor due diligence provides a platform for success when working with third parties.

For example you can outsource a process, but you can never outsource the risk. Many of the scandals dominating the news today stem from failures in supplier and vendor due diligence: a breakdown in the supply chain, contaminated ingredients, unpatched software.

The truth is, these scandals are entirely preventable with proper vendor due diligence. Even better, try applying a vendor due diligence checklist so that you have a repeatable process.

Vendor due diligence is always important, but it’s critical when a vendor services a core business process or accesses confidential, sensitive information. Breaches by these third parties can often be the most costly to an organization.

See Also: What is Vendor Management?

Vendor Due Diligence Checklist: Key Consideration Criteria

Vendor due diligence must be both comprehensive and efficient, which often means countless hours spent on paperwork and spreadsheet management. However, consistently evaluating your third parties is vital for effective vendor risk management. You should evaluate all third parties on a regular basis, benchmarking them against specific criteria.

Below is a checklist for the areas you should focus on completing due diligence for when vetting potential new vendors or assessing existing vendors:

Vendor Due Diligence Checklist Item #1: Conditions of Facilities

  • Does the staff have effective cleaning measures in place?
  • Is the location exposed to hazardous matter?
  • Is the internal environment properly climate controlled?

Vendor Due Diligence Checklist Item #2: Staff Training Policies

  • How comprehensive is their worker training program?
  • How are their employee retention rates?
  • Is there a clear and skilled leader?

Vendor Due Diligence Checklist Item #3: Cybersecurity Practices

  • How do they manage and protect their data?
  • Is access to sensitive information controlled and limited to specific users?
  • What is their maintenance schedule?

Vendor Due Diligence Checklist Item #4: Business Continuity Processes

  • How easily can they identify key operational personnel?
  • What is their recovery point objective (RPO) and recovery time objective (RTO)?
  • Have they prioritized an off-site backup?

It’s standard procedure to maintain robust, sustainable evaluations for vendors. Many organizations, however, fall short by failing to evaluate on a regular basis. Producing a periodic supplier due diligence report for each prospective and existing vendor allows you to confirm that all third parties are adapting appropriately with the changing risk environment.

Third Party Vendor Due Diligence Software

With LogicManager’s vendor due diligence software, organizations can streamline the entire supplier due diligence process. Assign responsibility for subsets of the vendor review, collect key information, documents, and sign-offs from across departments, and report all changes, updates, and reviews for each vendor. LogicManager’s Vendor Management Software allows external providers to log into a more limited version of your LogicManager GRC portal, so their information is imported directly into your vendor repository.

Our vendor management due diligence software includes all core topics:

Get this solution.

If you’re already a LogicManager customer, you can contact your advisory analyst to activate this plugin! If you’re new to LogicManager, you can request a personalized demo to see how our vendor due diligence checklist and questionnaires can help you.

see a demo
download datasheet
Request a Demo
More Plugins