In my program - we include any and all vendors/suppliers that receive payment in exchange for goods and services. The initial on-boarding is very quick so any vendor that exposes us to little or no risk, ie the florist, is quickly identified as an approved vendor. I have found this eliminates any confusion within my company - if its a new vendor, the vendor owner has to talk to someone in Vendor Risk Management. VRM then decides how deep the on-boarding and on-going vendor management will be. The other "hazard" I have encountered is that if a vendor initially is providing us with a low risk service, IE TV repair person, once they are listed as an approved vendor, the business may begin using them for other work i.e. TV repair person is also skilled in repairing equipment that sits in my data center, suddenly a vendor that was initially exempt from review, is working in my data center. True story. Moral of my story, review everyone at the beginning so they are on your radar and you have some type of documentation on file.
Original Message:
Sent: 11-20-2019 08:26 AM
From: Jennifer Wilkinson
Subject: Exclusions within Policy
Hi Barb- We exclude vendors who are non-material and would have absolutely no negative impact on our ability to operate- caterers, office furniture supplier etc.
------------------------------
Jenn Wilkinson
Vice President
Strategic Vendor Management
Cenlar FSB
jwilkinson@cenlar.com
Original Message:
Sent: 11-19-2019 06:35 PM
From: Barb Peryer
Subject: Exclusions within Policy
We are contemplating excluding certain types of third parties from our TPRM program. For instance, flower shops, store that sells training materials, etc. What types of third parties do you exclude today?