Due Diligence and Ongoing Monitoring

  • 1.  Building Questionnaires

    This message was posted by a user wishing to remain anonymous
    Posted 08-18-2020 01:18 PM

    I'm new to Vendor management and Venminder. What are some of the questions you ask in your questionnaires?


  • 2.  RE: Building Questionnaires

    Posted 08-20-2020 01:54 PM

    Welcome to the world of vendor management! I thought you may find this resource helpful – How to Guide: Creating a Vendor Risk Questionnaire.

    Brittany Padgett
    Community Manager




  • 3.  RE: Building Questionnaires

    Posted 10-13-2020 10:54 AM
    Please can you revisit the resource link mentioned? It seems the help guide repository is not valid at the moment.


  • 4.  RE: Building Questionnaires

    Posted 10-13-2020 11:00 AM

    It looks like the link expired. I apologize for that. This link here will take you to the How to Guide: Creating a Vendor Risk Questionnaire. 

    Brittany Padgett
    Community Manager 




  • 5.  RE: Building Questionnaires

    This message was posted by a user wishing to remain anonymous
    Posted 08-21-2020 08:13 PM

    Hi! 

    Here are the primary questions I like to ask to determine inherent risk and criticality: 

    • Does the vendor or product align with strategic goals? 
    • Does this product or service in any way impact clients and/or customers?
    • Will the vendor have direct access to clients and/or customers?
    • Is sensitive data being accessed by this vendor?
    • Will / does this vendor in any way host or store NPI or PII of employees, clients or customers?
    • Will/does vendor have escorted physical access to facilities?
    • Does the vendor have access to or process any PCI (payment card industry) data?
    • Does the vendor process financial transactions on our behalf, or on behalf of our customers or employees?
    • Do we rely on this product or service in order to maintain compliance with any regulatory guidance?
    • Will any services provided by vendor be supported by any location outside the continental United States?
    • Will/does this product or service require an expense of over $50,000 within a single year?
    • Does this product or service provide or support a significant revenue stream?
    • Would a disruption in service cause a material impact to us or our clients/customers?
    • Is this a technology-related service that will in any way require integration with our Network?
    • Is the product or service a newly launched or emerging technology product?
    • Will/does the vendor have access to our network?
    • Will this product or service be accessed via the internet?

     

    This should mostly all be answered internally by the business owner. Then, depending on the answers to these questions, you can determine not only your inherent risk, but also the due diligence that would be needed to mitigate these particular risks. Venminder may have some templates that could help you determine what due diligence is most appropriate. 

    Hope that helps!