Your Policy is your playbook that informs everyone in the organization of your plan to address third-party risk. While there is no “one size fits all” when it comes to writing a good policy, we've put together a sample Policy that can help guide you in creating one of your own.
Download our sample vendor management policy and remember...
It’s not an academic exercise: It is absolutely essential for your Policy to be read, understood and approved by senior management and the board.
Who owns it: Your policy should identify WHO is responsible for vendor management
Stay current: When new guidance is released, you must pull that Policy out of the drawer and apply any new updates.
You’re not done yet: Accompanying your Policy document, your institution should create an extensive plan that goes into detail as to how this Policy will be put into place, through the creation of a Program document
T&C: This offer is only available to verified US-based businesses. This document is only provided to those who are reviewing for the purpose of their own third-party risk program. A business email must be provided. By completing the form, you agree to keep this document confidential in your organization and to not distribute this document outside of your organization. We reserve the right to deny the request. Accepted requests will be processed promptly.