While I haven't seen a template, I can share that a good place to start in building your processes is to use these tenets.
To boil it all down, these high-level questions are what most are trying to answer in their due diligence efforts:
- Does our organization fully understand, and is it prepared to manage, the KPIs associated with the contract with this vendor?
- Does the vendor have the means and resources to deliver the goods/services for which our organization has contracted?
- Does the vendor demonstrate the financial means and resources to fulfill their obligations to our organization?
- Can the vendor protect our organization's reputation as they fulfill their obligations to our organization?
Usually every activity within a VRM program can be associated with one of these questions. For example, checking a vendor's SOC report, or doing a cyber scan of a vendor's website can be associated with questions 2 and 4.
On a related note, if you are building a matrix, focus on eliminating ambiguity - specifically in the scoring. Stay away from vague 1 to 5 scoring; add descriptions of each score such as:
5 - Exceeds Standard Requirements
4 - Meets Standard Requirements
3 - Meets Minimal Requirements
2 - Does Not Meet Requirements, Workaround Available
1 - Does Not Meet Requirements, No Workaround Available
These are examples, use your own descriptions.
Original Message:
Sent: 11-20-2019 09:27 AM
From: Anonymous Member
Subject: Pre Due Diligence Template
This message was posted by a user wishing to remain anonymous
What does everyone do to complete pre due diligence when searching for a new vendor? What type of information is included in your search and do you have a final scoring matrix for the specific areas of your search or a template? Any input that you can provide regarding pre due diligence would be helpful.