While we don't have a template to share, I would look to your policy for what constitutes oversight. It takes a bit of work, but I would create a simple word document that would include the following information for each vendor.
- Vendor Name and Risk rating
- Critical or Non Critical
- Date of last performance review
- Attendees at review
- Results of KPIs or SLAs
- Reference to the data source supporting the performance
- Open performance issues and remediation plan with date
- Date of last risk review (due diligence or annual review)
- Any missing or pending documentation
- Any open issues or required remediation with plan and date
- Contract status – date of termination or renewal
- Any required escalation, industry news, or regulatory changes
Of course, you can add more if necessary. Still, if the goal is to have evidence of monitoring, the information above should be sufficient. However, I would love to know how other members provide evidence of first-line management and oversight.
Original Message:
Sent: 09-13-2021 12:57 PM
From: Anonymous Member
Subject: Standard Oversight Procedures
This message was posted by a user wishing to remain anonymous
We are looking to develop a standard procedure template for internal third party relationship owners that documents their oversight. Has anyone done anything similar that could share their SOP?