Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

3 Steps to Implement Vendor Scorecards

4 min read
Featured Image

Onboarding a new vendor takes a lot of time and effort, and the work shouldn't stop after the contract is signed. Ultimately, an organization engages external vendors to assist in resolving problems, augmenting business capabilities/capacity or providing opportunities.


So, continually confirming that the vendor relationships are providing the expected value is vital. Vendor performance monitoring makes this possible. And, vendor scorecards are an invaluable tool to track and measure vendor performance.

Implementing Vendor Scorecards: Overview of Steps to Take

Develop Metrics Identify KPIs SLAs

Develop Metrics - Identify KPIs and SLAs

With the help of metrics, scorecards capture and report information about vendors' performance. Let's explore the different types of metrics:

First, you should know there are two kinds of metrics: objective and subjective.

Objective metrics (also known as quantitative) are those that represent things that can be counted or measured. Objective metrics are based on data and established criteria which generate reliable and stable results. Examples include:

  • Quantities or volumes
  • Capacity
  • Time
  • Percentages
  • Cost
  • Defects found

Subjective metrics (also known as qualitative) indicate something observed, experienced or perceived. Subjective metrics are derived from opinions, impressions and judgments. The output is a variable and may change depending on the perspective of the individual, such as:

  • Customer or employee satisfaction
  • Personal demeanor
  • Business culture
  • Visual esthetics

While both metric types can be used in a vendor scorecard it’s recommended that subjective metrics are to be used sparingly. A good rule of thumb is to ensure that at least 80% of applied vendor performance metrics are objective and qualitative.

Now that we understand subjective and objective metrics, let's look at some common metric categories and their applications.

Key Performance Indicators (KPIs)

KPIs are metrics used to assess how well a vendor is performing business functions or achieving objectives. KPIs are meant to measure what is most important regarding the vendor's product or service.

A key performance indicator may be expressed as a numerical target, for example, "The network must have 98% uptime.” You may also allow for a range of acceptable values, with a lower and an upper limit; for example, "The call center must pick up all phone calls within 10-20 seconds."

Rather than tracking every vendor action or output, you should measure only those actions, outputs, deliverables or behaviors that contribute to your organization's success.

Service Level Agreements (SLAs)

Service level agreements are different from other metrics or KPIs. SLAs establish firm commitments between your organization and the vendor and describe the product or service aspects and expectations.

These represent "non-negotiable" service requirements that are identified and outlined in your contract or other written agreement. With SLAs, there’s usually a requirement for remedy or a stated penalty in case the vendor doesn’t meet the commitment. In most cases, the penalty is financial compensation, such as a refund, service credit or discount and repeated SLA violations can result in the termination of the vendor.

establish reporting process frequency

Establish the Reporting Process and Frequency

After setting up your vendor performance metrics and scorecard, you’ll need to identify who will be responsible for monitoring the metrics and how often the data will be collected and reviewed. In many cases, the vendor will provide data supporting the metrics. Your organization will need to determine the proper intervals for collecting and reviewing this data.

When it comes to how often to collect and review the performance metrics, it's important to consider the duration of the product or service cycle. For example, higher transaction volumes usually mean shorter service cycles and should result in more frequent data collection. If you are monitoring a vendor providing call center services, it might make sense to review metrics for inbound calls on a weekly basis.

Example: Assume that your center is handling 1,000 calls a week. That is 1,000 opportunities for something to go wrong, so it makes sense to catch any issues early. When you study the same call volume monthly vs. weekly, you might see that the vendor performance issue had worsened during that month, and the number of potentially unhappy customers has grown.

 

Remember, your organization has the discretion to determine how often to collect and review metrics. However, it’s strongly recommended that you review the performance of any critical and high-risk vendors at least quarterly, if not more frequently.

create remediation strategy

Create a Remediation Strategy

Reviewing the vendor performance scorecard will help you to identify if the vendor has failed to meet any agreed-upon KPIs or SLAs. If your vendor hasn't met a specific contract SLA, you must ensure that the contractual penalties are applied. Furthermore, if a vendor fails to meet performance standards, a remediation plan must be developed immediately. In most cases, the vendor should be able to provide the following details:

  • Summary of the issue including duration and impacts
  • The root cause or why the issue occurred
  • Plan of action for remediation
  • Remediation timing

It’s essential to formally document any failed performance as an open issue and track the remediation until it’s resolved. If your organization fails to take corrective action, you’re further exposed to ongoing or expanded vendor performance risk.

Taking time to identify appropriate KPIs and negotiate contractual SLAs is an excellent first step, but only if you put those performance metrics to use. There can be significant benefits to using a performance scorecard when it comes to tracking vendor performance over time and identifying issues before they develop into significant problems.

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo