Contract Management

 View Only
  • 1.  Office Supplies Vendor Management

    Posted 06-30-2021 10:28 AM
    this might not be a topic for discussion, however I was wondering is Office Supply vendors ( paper providers, stationary providers, copier/printer, coffee and sugar supplies etc...) are these even eligible vendor to be managed via venminder ? there is truly no risk involve, although I would like to know all thoughts out there and how it is currently handle.


  • 2.  RE: Office Supplies Vendor Management

    Posted 07-08-2021 02:03 PM

    Generally, it is safe to exclude these vendors from your TPRM program scope. Which vendors to include for TPRM is entirely at your organization's discretion. However, consistency with your program is vital. I would consider the following:

    1. Does your program have a documented scope of vendors to be included for risk management? This information should be listed in your policy. , Even if this information is not included in your policy, it is a good idea to make sure that you have documented clear criteria for the vendors that are in or out of scope for risk management.
    2. What is the risk culture and appetite of your organization? Some organizations only include moderate-risk and higher for TPRM, while others include all levels. You should be consistent with how vendors of all risk levels are treated. If an exception is required, it should be documented.
    3. Would the vendor have unescorted access to your facility? For example, your vendor arrives with a large paper order. Would they have access to the office supplies storage area without an escort? If so, you would likely want to do some due diligence to understand if delivery personnel are background-checked. Instead, you can make sure they are always escorted while in the building.

     

    I hope my answer was helpful, but I would like to hear from other members too.