Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Vendor Document Collection Process

    Posted 04-13-2021 01:59 PM
    Hello All!

    We are new to VM and trying to establish our processes for annual reviews for our existing vendors. Can anyone help give insight on how they reach out to vendors to collect their annual due diligence documents? In the past we have emailed our vendor directly or collected documents through their client portals. Is this the same for you or do you use a customized questionnaire in VM to request the vendors documents?

    Thank you for your help!


  • 2.  RE: Vendor Document Collection Process

    Posted 04-13-2021 04:03 PM
    Hi Desiree,
    Our process is much the same as yours- email the vendor contact or their due diligence email & request the documentation or utilize the online portals.  There is no consistency with the vendors. Even this year I have found that a vendor that used an online portal last year has moved to an email request this year. 
    Best of luck gathering your documentation.  
    Melissa


  • 3.  RE: Vendor Document Collection Process

    Posted 04-13-2021 04:14 PM
    Thank you for your insight Melissa! I have found the same for vendors changing their processes the next time we reach out to collect documents.


  • 4.  RE: Vendor Document Collection Process

    This message was posted by a user wishing to remain anonymous
    Posted 04-13-2021 04:36 PM
    This message was posted by a user wishing to remain anonymous

    Hi Desiree,
    My institution utilizes the external questionnaires using the Venminder template. We ask for COI, Business Licenses, InfoSec/ CyberSec policies, Financials, PenTests, and SOC reports. Of course, we use different questionnaires based on inherent risk and the duration of the relationship with the vendor. When sending them through Venminder, I find it's easier to track. Keep in mind though, many of our vendors refuse to work with Venminder for security purposes or they require an NDA.


  • 5.  RE: Vendor Document Collection Process

    This message was posted by a user wishing to remain anonymous
    Posted 04-22-2021 05:29 PM
    This message was posted by a user wishing to remain anonymous

    Our company typically invites the vendor to an assessment kick-off meeting during which we provide an overview of our firm's assessment process. Upon completion of the kick-off meeting, we typically send an email to the vendor contact that includes the assessment questionnaire, outlines the supporting documentation required, and informs the vendor of the due date for submitting all documentation to us.  The kick-off call provides us with a medium to explain our assessment process and for the vendor to ask questions or request clarification.