History

There are 4 versions of this glossary term.
Every vendor relationship has a deal cycle that should include the following:

  • Onboarding - Includes planning & risk assessment, due diligence, and contracting
  • Ongoing Monitoring - Includes re-assessments, monitoring & performance, renewals, and due diligence
  • Offboarding - Includes termination, exit plan execution, and TPRM closure
Additionally, oversight & accountability, documentation & reporting, and independent review are always occurring.
Revised By: Brittany Padgett Revised On: Sep 30, 2022 9:54 AM
Characters Edited: -640 Total: 553
Every vendor relationship has a deal cycle that should include the following:

  • Scoping - Define what a vendor, service provider or third party is to your organization.
  • Inherent Risk and Criticality Assessment - The assessment of risk, based solely on the nature of the relationship, without consideration of any precautions or controls that are in place.
  • Due Diligence and Residual Risk Determination - After you understand the inherent risk, conduct due diligence to ensure risk is mitigated appropriately and effectively. 
  • Vendor Selection and Contract Management - Use the risk assessment and due diligence data to determine any provisions that should be included in the vendor contract. 
  • Ongoing Monitoring - Keep an eye on your vendors after they sign the contract to ensure you're remaining aware of any new risk posed. 
  • Termination - If it's time for the vendor engagement to come to an end, follow the exit strategy and ensure you're terminating the vendor relationship in accordance with contract terms. 
Revised By: Venminder Inc Revised On: Oct 1, 2021 2:36 PM
Characters Edited: 745 Total: 1193
When an organization outsources a product or service to a vendor, it must go through the following lifecycle phases: planning, risk assessment, due diligence & third-party selection, contract management, ongoing monitoring, exit strategy and termination. Throughout the lifecycle, risk assessments and due diligence updates, documentation and reporting, oversight and accountability, and independent reviews take place continuously.
Revised By: Venminder Inc Revised On: Apr 29, 2020 10:15 AM
Characters Edited: -670 Total: 448
Every vendor relationship has a deal cycle that should include the following stages:

  1. Planning – Building out the vendor management policy, program and procedures documentation.
  2. Due Diligence and Third Party Selection – Implementing pre-contract due diligence expectations as part of the vendor selection process, aka vendor vetting. 
  3. Contract Negotiation – Negotiation is done to help limit an organization’s liability, set expectations for all parties involved, include right to audit provisions and define due diligence expectations.
  4. Ongoing Monitoring – During the entire vendor relationship, ongoing monitoring and due diligence must be performed to assess any new risk issues that may arise, continue to monitor SLAs and thoroughly analyze due diligence.
  5. Termination – When it’s time to end a contract, there must be steps outlined that include the plan to replace the vendor or bring the function back in-house and how any data will be returned or destroyed.
Revised By: Venminder Inc Revised On: Aug 13, 2019 3:27 PM
Characters Edited: 0 Total: 1118