For our credit union I serve as the Vendor Management Administrator, the position reports up to Information Security & ultimately Risk Management. I facilitate the full life cycle & engage subject matter experts as needed. We do use the managed services provided by our software to complete due diligence reviews on approximately 30 vendors (our most critical & highest risk). Our process is centralized so that our vendor owners can run the day to day operations of the vendor relationship, but the VMA will handle the majority of the due diligence & compliance matters.
Original Message:
Sent: 04-22-2022 01:55 PM
From: Jamie Sumter
Subject: 3rd Party Due Diligence
Hello - I am wondering which area does your 3rd party Due Diligence? It is a VMO or Risk Management area or does Procurement gather those details including compliance reports? Do you have specific reasons why the area is responsible for this?