This message was posted by a user wishing to remain anonymous
Hi Desiree,
My institution utilizes the external questionnaires using the Venminder template. We ask for COI, Business Licenses, InfoSec/ CyberSec policies, Financials, PenTests, and SOC reports. Of course, we use different questionnaires based on inherent risk and the duration of the relationship with the vendor. When sending them through Venminder, I find it's easier to track. Keep in mind though, many of our vendors refuse to work with Venminder for security purposes or they require an NDA.
Original Message:
Sent: 04-13-2021 01:59 PM
From: Desiree Lafever
Subject: Vendor Document Collection Process
Hello All!
We are new to VM and trying to establish our processes for annual reviews for our existing vendors. Can anyone help give insight on how they reach out to vendors to collect their annual due diligence documents? In the past we have emailed our vendor directly or collected documents through their client portals. Is this the same for you or do you use a customized questionnaire in VM to request the vendors documents?
Thank you for your help!