(270) 506-5140 CONTACT US
Due Diligence

3 Phases of the Vendor Lifecycle

Mar 7, 2018 by Venminder Experts

Often times I find many people consider the lifecycle of a vendor to begin once the contract is in place and it to end once it’s terminated. Frankly, this is anything but the case. Many more steps must occur to truly manage the vendor through the ENTIRE lifecycle.

Deep Dive Into a Developed Vendor Lifecycle

There are 3 main phases of a vendor's lifecycle and many stages within each of those. In this blog post, let's cover the phases:

1. Pre-Contract – Selecting the Vendor: Prior to entering a contractual relationship with a vendor, you must perform the proper due diligence. It’s important to engage with vendors so that you are even more aware of the pros and cons each vendor has to offer in their industry. 

On each of the contending vendors, be sure to perform the vendor vetting process and:

  • Review the third party's financial history.
  • Check for any reputational risk or consumer complaints.
  • Run an OFAC check and essentially give the vendor a thorough “background check”.
  • Perform an initial risk assessment. It’s not just a requirement once the vendor is on board but also during the onboarding phase. This will help you determine the vendor’s business impact and regulatory risk to the organization.
  • Document your steps well and share with the board or approval committee before making the final decision.

2. Contract – Managing the Vendor: Congratulations, you’ve thoroughly vetted your vendor, negotiated the contract and are now ready to begin working with them. What now? Contract management, ongoing monitoring, periodic risk assessments and due diligence maintenance are all necessary to remain compliant.
  • Continue to review the contract to verify if the vendor is meeting expectations and service level agreements.
  • Stay on top of upcoming renewal notice periods or contract expirations.
  • Monitor the vendor’s risk level by completing an annual risk assessment.
  • Last but certainly not least, the most current due diligence should be on file at all times, such as SOC reports and financials, by reaching out to the vendor prior to the expiration and an analysis should be performed on each to verify the results are sufficient and that you’re confident continuing business with the vendor is acceptable.

3. Post-Contract – Terminating the Vendor Relationship: Sometimes the vendor relationship is no longer needed or is simply no longer working out. That's when you take steps to end the relationship properly. Be sure to identify what happens to any confidential information even after the relationship ends.

To dive deeper into these phases and related stages, download our Vendor Risk Management Lifecycle infographic.

how to write a third party policy


Venminder Experts

Written by Venminder Experts

Venminder has a team of third-party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.

Follow Venminder Experts

Subscribe to the Venminder Blog