Before you can confidently onboard a vendor, you need more than just a stack of documents — you need insight. From SOC reports and financials to policies, procedures, and insurance certificates, due diligence is about understanding what those documents say about your vendor’s risk and whether they meet your organization’s standards.
This session breaks down what to ask for, why it matters, and what to actually do with the documents once they’re in hand. We’ll walk through how to tailor requests based on risk, identify red flags, and translate paperwork into confident, risk-aware decisions.
You’ll learn:
- Common document types: SOC reports, financials, cyber policies, insurance certificates, and more
- What each document tells you — and what it doesn’t
- How to scale your document requests based on vendor risk
- What to do with incomplete, missing, or vague responses
- Tips for documenting your review process for audits and exams
Whether you're refining your process or building one from scratch, this session will help you collect the right documents — and use them to help choose the best-fit vendor for your organization.
This session is not CPE Credit eligible.
.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
