Due Diligence and Ongoing Monitoring

 View Only

  • 1.  Review Frequency

    This message was posted by a user wishing to remain anonymous
    Posted 07-13-2020 12:44 PM
    This message was posted by a user wishing to remain anonymous

    ​I am restructuring our VMP and was hoping you could share the frequency with which you conduct ongoing due diligence/risk assessment reviews. We plan to do annual review on those rated tier 1 (Critical) but would like some feedback on what everyone else does for those rated non-critical; do you all following the standard 1 year, 2 year, 3 year...etc. model or have you found it beneficial to do some of the other reviews at a different frequency?

    Thank you in advance


  • 2.  RE: Review Frequency

    This message was posted by a user wishing to remain anonymous
    Posted 07-13-2020 01:38 PM
    This message was posted by a user wishing to remain anonymous

    We review Critical and/or High Risk annually; Moderate bi-annually; and Low risk as needed.
    Original Message


  • 3.  RE: Review Frequency

    Posted 07-13-2020 02:55 PM
    We review Critical vendors annually; Moderate every three years and No Impact every five years.
    Original Message