How to Review a Vendor Contract


Negotiation is vital. Do not accept the first contract that you see, as changes to accommodate special requests by both parties are common and often necessary. It can be challenging, but break it down, take your time and eventually you will have an acceptable contract between your organization and the third-party vendor.

15 Steps to Take for Vendor Contract Reviews 

Here are 15 steps to help you with your contract reviews:

  1. Review the scope of services. You want to verify there are provisions, such as the following, included:
    • The products and/or services the vendor will provide
    • Rights and responsibilities of both parties (your organization and the third-party vendor)
    • Language around any timeframes promised or custom services requested
    • Rights to modify products and/or services
    • Any guidelines around adding products or services and contract re-negotiation

  2. Locate the performance standards and make sure they are adequate. Here you should find the service level agreement (SLA) requirements, remedies and any penalties if the SLAs are not met.

  3. Verify the duration of the contract is correct. Confirm that the term, renewal term, non-renewal and termination notice periods and anything else related to timeframes are accurate.

  4. Ensure there is a default and termination clause within the contract. Also, be sure to review for early termination fees in the event you need to terminate the agreement for convenience, as these can become quite costly.

  5. Consider costs and price increase language. In the fee description, you are looking for information pertaining to the following:
    • Cost overview
    • Increase limitations
    • Support for merger/acquisition activity and costs
    • Payment terms
    • Late fee language
    • Deconversion fees
    • If applicable, who is responsible for cost to provide or maintain software and/or hardware

  6. Always look for security and confidentiality provisions. This should include information on how the vendor plans to safeguard your data, prevent exposure to breaches, how they will notify you of a breach and how they plan to mitigate future incidents. You also want to confirm how the vendor will return or destroy your data or assets if the relationship terminates. Are there geographical limits on where data can reside and/or be transferred?

  7. Look at the audit requirements. Verify there is a description of audit reports your organization is entitled to receive – like a SOC 1, SOC 2 and SSAE 18 – and that they are provided annually at no cost to you.

  8. Understand what reports will be made available to you and if there will be any fees for customizations. Reports often considered include, but are not limited to, the following:
    • Financial statements
    • Performance reports
    • PCI compliance certification

  9. Look to verify business resumption and contingency plan language is included within the contract. You are seeking provisions around disaster recovery, business continuity and back-up record protection. This should include annual testing and provision of a summary of test results.

  10. Be sure the vendor outlines their policies around subcontracting. This should include that your vendor will provide required due diligence documents for any subcontracted vendors and notify you in advance of any changes to subcontractors.

  11. Ownership and license information should be included in the contract. There should be a description of ownership, rights and allowable use of your organization’s data, system documentation and other intellectual property. Also, look for protection by the vendor in the event of a patent/copyright infringement claim. It is important to make sure there are protection rights for your organization outlined within!

  12. Confirm the contract includes a clause pertaining to indemnification. This is so that the vendor will hold your organization harmless from liability due to negligence of the vendor.

  13. Review the limitation of liability to verify it equates to the amount of loss your organization might experience as a result of the vendor’s failure to perform.

  14. Provisions around dispute resolution should always be included too. Be sure to identify how and where disputes will be heard. Many arbitration clauses benefit the vendor, so be sure to have your expert legal team review before signing!

  15. And, to bring it all home, review the general provisions. You are looking for provisions such as the following:
    • Survival
    • Governing law
    • Contract conflict – order of precedence
    • Severability
    • Failure to exercise/waiver
    • And more, depending on the vendor relationship in review, as the provisions necessary aren’t limited to these five

Have a qualified subject matter expert, such as a paralegal, write up the analysis. Once you have your analysis in hand, reach out to the vendor to discuss any terms that may be missing and next steps to negotiate them into the contract. 

And just like that, you have taken steps to fully review a vendor contract.
