Managing Third-Party Risk

Video Transcript

Hi – I’m Branan with Venminder. In this 90-second video, you are going to learn about managing third party risk. Here at Venminder, our entire business is centered around helping our clients manage and mitigate third party risk. In today’s climate, it’s just a must. Third-party risk management has a definite lifecycle that you can follow.

The planning phase consists of building your policy, program and procedures documentation detailing HOW you will provide oversight to your vendors.

The due diligence & third party selection phase is where you will implement pre-contract due diligence, aka the vetting process. Your due diligence should always be centered around the level of risk the vendor could pose.

The contract negotiation phase is where you ensure that your contracts are organized and have strong contract language to minimize risk.

The ongoing monitoring phase is about continuing due diligence after the contract is signed. This includes periodic reviews of vendor due diligence, SLAs  and addressing risk issues.

And finally, the termination phase. You should have plans in place for certain vendors, like your critical vendors, to replace the third party or to bring the function in-house in an efficient manner if needed. This includes determining what happens to any confidential information and any post termination rights to use the information for marketing or other purposes.

Remember, effective third-party risk management can protect your organization by managing the risks you are taking by outsourcing a product or service.

See you next time.