Often times I find many people consider the lifecycle of a vendor to begin once the contract is in place and it to end once it’s terminated. Frankly, this is anything but the case. Many more steps must occur to truly manage the vendor through the ENTIRE lifecycle.
Deep Dive Into a Developed Vendor Lifecycle
There are 3 main phases of a vendor's lifecycle and many stages within each of those. In this blog post, let's cover the phases:
1. Pre-Contract – Selecting the Vendor: Prior to entering a contractual relationship with a vendor, you must perform the proper due diligence. It’s important to engage with vendors so that you are even more aware of the pros and cons each vendor has to offer in their industry.
On each of the contending vendors, be sure to perform the vendor vetting process and:
- Review the third party's financial history.
- Check for any reputational risk or consumer complaints.
- Run an OFAC check and essentially give the vendor a thorough “background check”.
- Perform an initial risk assessment. It’s not just a requirement once the vendor is on board but also during the onboarding phase. This will help you determine the vendor’s business impact and regulatory risk to the organization.
- Document your steps well and share with the board or approval committee before making the final decision.
- Continue to review the contract to verify if the vendor is meeting expectations and service level agreements.
- Stay on top of upcoming renewal notice periods or contract expirations.
- Monitor the vendor’s risk level by completing an annual risk assessment.
- Last but certainly not least, the most current due diligence should be on file at all times, such as SOC reports and financials, by reaching out to the vendor prior to the expiration and an analysis should be performed on each to verify the results are sufficient and that you’re confident continuing business with the vendor is acceptable.
3. Post-Contract – Terminating the Vendor Relationship: Sometimes the vendor relationship is no longer needed or is simply no longer working out. That's when you take steps to end the relationship properly. Be sure to identify what happens to any confidential information even after the relationship ends.