Vendor Due Diligence Checklist and QuestionnaireBernie Lapierre2020-11-12T11:35:17-05:00
Vendor Due Diligence
A comprehensive vendor due diligence program can ensure longevity in your business partnerships and prevent critical risks from materializing. Strengthen your organization today with LogicManager’s Vendor Due Diligence solution.
In 2013, Target fell victim to a security breach that gave hackers access to millions of customers’ sensitive information. On top of the $202 million they spent on legal fees, Target shelled out nearly $20 million in a multistate settlement. Their sales also decreased dramatically.
The hackers gained access via a third party POS system. In other words, the entire scandal could have been prevented had Target practiced proper vendor due diligence. The Vendor due diligence process involves of assessing and evaluating third parties against a set of specific criteria. Thorough vendor due diligence provides a platform for success when working with third parties.
Vendor due diligence must be both comprehensive and efficient, which often means countless hours spent on paperwork and spreadsheet management. However, with LogicManager’s vendor due diligence content package, you can streamline those the vendor due diligence process across your entire organization.
Vendor Due Diligence Risks
At LogicManager, we live by the fact that you can outsource a business process, but you cannot outsource risk. But given the fact that vendor information can change at any time, it doesn’t matter how in depth your vendor due diligence process may be. At the end of the day, your organization is still vulnerable to the variety of evolving risks that your third parties face.
If there is a critical change to one of your vendors, chances are that you won’t be informed immediately, which leads to blind spots. That’s why it’s critical to have a business process in place for after you’ve collected due diligence information to ensure that you are performing your due diligence proactively on a regular basis.
Customers don’t care if your vendor is ultimately to blame for an issue; the reputational damage is ultimately a forfeiture felt directly by your company. Not only will a scandal like Target’s impact your bottom line, but in the absence of software, consultants and additional FTEs hired to run your vendor due diligence efforts are never cheap.
Vendor Due Diligence Checklist: Key Criteria
Consistently evaluating your third parties is vital for effective vendor risk management. You should evaluate all third parties on a regular basis, benchmarking them against specific criteria. Below is a vendor due diligence checklist for the areas you should focus on completing vendor due diligence for when vetting potential new vendors or assessing existing vendors:
Vendor Due Diligence Checklist Item #1: Conditions of Facilities
Does the staff have effective cleaning measures in place?
Is the location exposed to hazardous matter?
Is the internal environment properly climate controlled?
Vendor Due Diligence Checklist Item #2: Staff Training Policies
How comprehensive is their worker training program?
How are their employee retention rates?
Is there a clear and skilled leader?
Vendor Due Diligence Checklist Item #3: Cybersecurity Practices
How do they manage and protect their data?
Is access to sensitive information controlled and limited to specific users?
What is their maintenance schedule?
Vendor Due Diligence Checklist Item #4: Business Continuity Process
How easily can they identify key operational personnel?
What is their recovery point objective (RPO) and recovery time objective (RTO)?
Have they prioritized an off-site backup?
It’s standard procedure to maintain robust, sustainable evaluations for vendors. Many organizations, however, fall short by failing to evaluate on a regular basis. Producing a periodic supplier due diligence report for each prospective and existing vendor allows you to confirm that all third parties are adapting appropriately with the changing risk environment.
Vendor due diligence with LogicManager
House all vendor due diligence efforts in one centralized repository to ensure information is being collected from each vendor on an appropriate basis and save time searching for information.
Automate your business process to maintain due diligence on the right cadence and scope. The automation won’t limit you, however; you can always request additional information from your most critical vendors. Dedicate the time you save on a manual business process to pursuing other strategic goals.
Consistently evaluate which vendors are most critical to your organization so that you can dedicate resources wherever they’re needed most. Ensure that your organization is aware of all key and relevant information about the third parties you work with, including security protocols, outstanding lawsuits or any other issues against another potential partner.
Should one of your vendors ever pose a risk to your organization, LogicManager’s vendor due diligence content package equips you with the appropriate information to evaluate the severity of the risk. By leveraging cross-departmental context, you can easily measure the impact of the risk, enabling you to in the next part of the business process to communicate information to your employees or customers as needed. Easily maintain an audit trail with our vendor due diligence solution. Should a breach occur at the hands of one of your vendors, you’ll be able to point to a specific document demonstrating the information that was available to you prior to the incident.
LogicManager’s Vendor Due Diligence solution
LogicManager’s vendor due diligence content package is your go-to solution for staying on top of third party risk management.
Initial and ongoing vendor due diligence workflows streamline your process and keep your end users on task. This automation ensures that vendors are prompted to complete their relevant inquiries, and based on their responses, funnels the data into the proper criticality bucket.
Out-of-the-Box Relationship Fields provide you with best practice questionnaires to assess your vendors with purpose. These questionnaires can be used as is or customized to fit your needs.
Visibility rules can be set up on your risk assessment questionnaires to allow you to collect more information whenever needed.
Out-of-the-Box Relationship Automation Rules allow you to set up criteria to determine a vendor’s criticality based on their due diligence questionnaire responses.
Leveraging our hierarchy or a profile field to classify a vendor’s criticality allows you to easily see your most critical vendors. If they’re deemed critical, our process system allows you to automate due diligence through ongoing rules and workflows.
Due Diligence Table Report – View all vendor due diligence information in an excel-friendly export.
Due Diligence Narrative Report – Drill in on versions of the table report mentioned above for each of your specific vendors and generate the results in a succinct PDF.
Relationships Field History Report – See how each vendor response has changed over time and determine whether they should be deemed more or less critical.
Count of Vendors by Folder – Quickly identify how many vendors are at each level in the hierarchy.
All Tasks Report – Easily filter out tasks based on their status.
Open Tasks Due in the Next 90 Days – Gain insight into which vendor questionnaires you should expect to be completed in the next 90 days.
Overdue Tasks – Identify which vendors have not yet completed their questionnaires by the given due date.
At LogicManager, we understand that there are many different teams involved with managing vendors; compliance, business continuity, IT and other departments all dedicate time and energy into helping complete important vendor due diligence. By using our all-in-one centralized third party risk management platform, all stakeholders can access everyone’s work and easily bring it into their programs without duplicative efforts.
Vendor Due Diligence Software: Free Demo
Want to make sure you’re working with the best of the best? Request a free demo of our vendor due diligence solutions package today!
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.