Due Diligence and Ongoing Monitoring

  • 1.  Due Diligence Response Process

    This message was posted by a user wishing to remain anonymous
    Posted 05-11-2022 08:15 AM

    This question is aimed at those who are receiving due diligence requests from their clients:

    Our product supports the financial industry, so our team provides a SOC 2 Type II, a SIG, and additional policy and procedure documentation.  Even with providing this pre-approved documentation, we continually get requests to complete each individual questionnaire (which can be upwards of 200+ questions).  This process has become quite arduous, and we expect it to only get worse looking forward.

    I am interested to hear how others are managing this process, or any ideas that someone would love to implement if they had the resources, funding, etc.  Additionally, how does one maintain their accurate library of responses without regularly engaging their software teams?

    Thank you in advance for any advice or insight!


  • 2.  RE: Due Diligence Response Process

    This message was posted by a user wishing to remain anonymous
    Posted 05-11-2022 08:53 AM

    Yes - this is an occupational hazard if you work in this field. Every company needs to be able to evidence their due diligence on the suppliers they use, and they will often use SaaS solutions to manage this. I find that customers need us to complete their questionnaires to maintain the integrity of their own records, and they aren't keen on us providing a pre-prepared response. Additionally, these enquiries are usually linked to a sale, so there will be an added impetus to do what the customer is asking!