Have you heard the terms “vendor monitoring” and “vendor management” and thought that they mean the same thing? Chances are you’ve probably heard both used frequently and interchangeably throughout the industry. It can be easy to simply combine the two into one but it’s important to understand that vendor monitoring is actually a step within vendor management.
Let’s start with a quick overview.
What Is Vendor Management?
Vendor management is defined as the process of fully identifying all the significant companies that aid in the delivery of a product or service to your organization or to your customers on behalf of the organization. It involves controlling costs, driving service excellence and mitigating risk to gain increased value throughout the vendor lifecycle.
What Is Vendor Monitoring?
Vendor monitoring, or ongoing monitoring, is a step outlined within OCC Bulletin 2013-29. Within the guidance, the vendor risk management lifecycle is extensively defined and it’s clear that it’s imperative ongoing vendor monitoring be performed as long as you’re leveraging a vendor for a product or service. By maintaining ongoing monitoring, you are assisting with the mitigation of risk.
Some areas of risk can include:
- Data breaches
- Changes in executive leadership
- Faulty security controls
- A lack of disaster recovery testing
- Poor financials
- And much more…
You may be wondering what vendor monitoring may entail exactly. Here are 6 vendor items that you should be revisiting on a frequent basis:
- Business continuity and disaster recovery plans
- SOC reports
- Risk assessments
- Public news
Automate Vendor Monitoring
Vendor monitoring can be a very cumbersome and time-consuming task. Fortunately, there are some helpful industry tools to automate the process and ease the burden. Here are two that I’ve found to be helpful:
- ArgosRisk - Assists by sending you alerts when the system identifies early warning signs of risk with your vendors. It can identify early warning signs that warrant attention.
- Security Scorecard - Assists by monitoring your vendor’s security posture which helps identify vulnerabilities, active exploits and advanced threats.
After the initial vendor vetting and selection is completed, you’ll likely feel great about the vendor you’ve chosen and execute the contract. It’s after this that ongoing vendor monitoring is often a forgotten pillar within vendor management; however, it’s an extremely important facet of any program. Remember, when it’s done correctly it can prevent your organization from experiencing unnecessary risk.
Get started with writing more effective vendor management policies. View our on-demand webinar.