Due Diligence and Ongoing Monitoring

  • 1.  Vendors who do not respond

    This message was posted by a user wishing to remain anonymous
    Posted 06-10-2021 01:20 PM

    How do you handle vendors who refuse to respond to reviews? We rarely have issues upon initial onboarding, but during our annual reviews, things get a bit more complicated. Do you use contractual clauses to allow termination early, or if not, send notice of potential action if they do not respond? We are just needing to see what others are doing. This is not usually a big problem, but when it happens, it is usually an impactful vendor that is not necessarily easy to replace.


  • 2.  RE: Vendors who do not respond

    Posted 06-10-2021 01:59 PM
    Great question. I don't think there is any wrong or right answer. As we have a decentralized vendor management process, I use our vendor management system, LogicManager, to ping the vendor weekly for up to 30 days. After that point I engage the Relationship Manager. I have found that the Relationship Manager doesn't keep the vendor contact information current. After engaging the Relationship Manager and validating the vendor contact, I usually reach out to the contact. That's when I find out the contact has changed, left the company, or the business has a compliance area that handles the response. I redirect my automated task to that new contact and things are usually resolved. Between my contact with the vendor and engaging the Relationship Manager, our issues are resolved. Thankfully I haven't had to go to using contract clauses, etc.


  • 3.  RE: Vendors who do not respond

    This message was posted by a user wishing to remain anonymous
    Posted 06-11-2021 06:57 AM

    For critical vendors, I've seen recommendations for expanding the Right to Audit Clause to include the Right to Perform an Onsite TPRM Review.  Most vendors would prefer to participate in ongoing monitoring activities rather than being subjected to an onsite review.  You're not committed to actually perform an onsite, but it gives you something to leverage.