Vetting vendors is a critical phase of the vendor lifecycle. Most of us know our organization’s requirements for vetting a US-based vendor, but what about an international vendor? Do these requirements change?
The answer is most likely. If the requirements don’t change, then they probably should be reevaluated. The matter of fact is that although there’s absolutely nothing wrong with working with an international vendor, the risk is heightened.
8 Tips for Vetting an International Vendor
Here are my eight tips when vetting an international vendor:
- Make sure the international vendor’s policies and procedures align with your organization’s expectations.
- Ask for the vendor’s address and any other basic business information. By knowing location, you can determine whether they're in a geopolitically sensitive area or not.
- Thoroughly understand their hiring practices.
- Verify if there are ways of truncating US customer information or ensure it can't be compromised.
- Write into the contract a right to audit provision and calculate how quickly you could get there should an incident occur. Of course, travel time and expense are much more so you’ll want to understand that upfront.
- OFAC/PEP checks are critical as you want to know who their owners and key management team are. Make sure they aren’t affiliated with a foreign entity that you don’t want to associate your organization’s name with.
- Ask for information about their premises. For example, do they have security cameras on-site?
- Request their policies and procedures. Within that, look for the things like a clean desk policy, hiring practices, reporting practices, etc.
Implementing these eight best practices should help your organization better understand the international vendor you’re evaluating.
Regardless of where your vendor is, take these 19 steps during the vetting process. Download the eBook.