Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Vendor Code of Conduct

    This message was posted by a user wishing to remain anonymous
    Posted 02-07-2020 08:59 PM
    This message was posted by a user wishing to remain anonymous

    We currently have a Vendor Code of Conduct that presents itself to the vendor prior to entering our vendor management tool. There is nothing that is asked or required in the Code that a reasonable, ethical business does not already do. However, we do have vendors who want to red-line it, which we do not accept.

    Do you have a Vendor Code of Conduct? What is your method for getting vendors to comply with it? Are you just posting on your website and then incorporating a note into your master MSA?


  • 2.  RE: Vendor Code of Conduct

    This message was posted by a user wishing to remain anonymous
    Posted 02-11-2020 01:24 PM
    This message was posted by a user wishing to remain anonymous

    ​We recently had the same discussion at our company.  Although having a vendor's code of conduct sounds great in theory and may be best practices, we felt that it really didn't address/prevent any additional incremental risks.  For instance, by reading our code of conduct, it is supposed to discourage any vendors who don't share our values from working with us; however, any unethical vendor would not be dissuaded by this anyway.  We felt that this is what our vendor due diligence is for, to ferret out disreputable vendors (e.g., financial strength, reputation in the industry, fitness of use, etc.).  Also, just informing the vendor is not enforceable in court should they violate our code of conduct, and since we cannot legally remove them unless it was a stated violation of our contract, what true purpose is including our vendor code of conduct in our vendor process?  However, that being said, we do make every vendor that does come on our premises and who work with our employees or customers read and acknowledge our company's code of conduct and they are subject to our "up to and including termination" clause.


  • 3.  RE: Vendor Code of Conduct

    This message was posted by a user wishing to remain anonymous
    Posted 02-11-2020 03:00 PM
    This message was posted by a user wishing to remain anonymous

    ​We have our Supplier Code of Ethics and Business Conduct on our website, we reference it in the contract, and any suppliers who are onboarded are required to review all supplier policies and complete Privacy & Security Training, which we track.