Due Diligence and Ongoing Monitoring

 View Only
  • 1.  CRM Due Diligence

    This message was posted by a user wishing to remain anonymous
    Posted 12-07-2021 10:13 AM
    This message was posted by a user wishing to remain anonymous


    We are reviewing potential CRM Vendors. Has anyone reviewed these type of vendors and what kind of due diligence should we be requesting from them?? 


  • 2.  RE: CRM Due Diligence

    Posted 12-08-2021 08:53 AM
    It will depend in part on what type of information you store in the CRM system.  Do you plan to have non public customer in the system (for example, will it interface with your core for a regular update of accounts and balances in the core)?  If so, you'll need to perform similar due diligence to any other cloud based (I'm assuming it is cloud based) vendor handling non-public info.  ​I would be requesting financials, SOC report, BCP policy and testing documentation if available, references, evidence of acceptable insurance.  I also ask for a sample of the contract and review terms, SLA's and confidentiality language etc. We also do our own research online of the company, the owners or principals etc. and we try to contact several references.  

    I often start by asking the vendor to send me their standard due diligence package.  Their response and content will tell you a lot about the maturity of their program.  Seasoned vendors who are accustomed to these requests will generally provide a pretty comprehensive package.  For those who do not, I tend to dig a bit deeper in my independent research and reference checks to get comfortable.

    Hope this helps.