Overview of the 7 Pillars of Vendor Management
Incorporating these pillars into your third-party risk program is essential.
There are 7 fundamental elements of a strong vendor management. In this podcast, we are going to dive a little deeper into what each pillar means and some ways to incorporate these pillars into your third-party risk program.
In this 90-second podcast, you’re going to learn what the seven pillars of vendor management are.
At Venminder, we have a team of industry experts who specialize in managing vendor risk in these seven pillars daily.
So, here’s a quick overview of the pillars:
- The first pillar is Vendor Selection. It’s essential to have a strong process for selecting new vendors as needed. We recommend you request and review fundamental business documents like OFAC checks and secretary of state checks.
- The second pillar is Risk Assessment. Determining the risk and potential business impact of a vendor, product or service and any regulatory risk is essential to evaluating the overall risk a vendor poses to your organization.
- The third pillar is Due Diligence. Request essential due diligence documents, like a SOC report, financials, business continuity and disaster recovery documentation.
- The fourth pillar is Contractual Standards. Take the time to develop standard contract terms and conditions BEFORE you enter contract negotiations. Keep it fair and reasonable for both parties.
- The fifth pillar is Reporting. Standard reporting should be developed for your lines of business, senior management team and board. They’ll all contain essentially the same information in formats appropriate for each group.
- The sixth pillar is Ongoing Monitoring. This is a solid best practice and a regulatory expectation. Analyze your vendors according to an annual calendar, not just during vendor vetting, to help eliminate concerns.
- The seventh pillar is Exit Strategy. This is a new pillar, broken out due to its extreme importance in our digital world. Plan your course of action for terminating a vendor relationship up front.
I hope you’ve found this podcast insightful. Thanks for tuning in; catch you next time!
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources and more to your inbox.