Risk Assessments

  • 1.  Offboarding vendor questionnaire

    Posted 07-19-2022 06:46 AM

    Hi,

    Does anyone have a questionnaire for the contract termination/contract expiry/offboarding of a vendor?

    Thanks & Regards
    Srini



  • 2.  RE: Offboarding vendor questionnaire

    Posted 07-20-2022 12:36 PM
    Hi Srini,
    In the Offboarding a Vendor toolkit here, there's a checklist you may find helpful, so I wanted to pass it along. It includes questions to consider when terminating a vendor contract. Does anyone else have offboarding/contract termination questionnaires to share?

    Thank you,

    Brittany Padgett
    Community Manager


  • 3.  RE: Offboarding vendor questionnaire

    Posted 07-21-2022 06:40 AM
    Thank you :)


  • 4.  RE: Offboarding vendor questionnaire

    Posted 07-28-2022 10:11 PM
    Hello, 

    Not really sure how to do this, but here I go.  I am looking for what other companies do when a vendor, i.e. IT company, Iron Mountain paper vendor, air conditioning repair personnel, Terminix pest control, printer repair personnel, etc., enters a company building to do their job, and what other companies do as far as making sure these types of vendors do not obtain any confidential information that could be lying around. Does the company have a policy that requires certain vendors to be escorted during their presence? If so, does it outline the types of vendors that need to be escorted and those that don't, and would they like to share it with me? Do you make them sign a Confidentiality Agreement once for the period of the contract or each time the vendor enters the building?
    I am trying to write up a document that our staff can adhere to, covering what they are required to do when a vendor enters the building.

    Appreciate any assistance.


  • 5.  RE: Offboarding vendor questionnaire

    Posted 07-29-2022 09:15 AM
    Hi Kim- 
    1) Your organization should have a clean desk policy so that there is not confidential information "lying around" which should be enforced by your facilities department or other appropriate area. 
    2) Your vendors should provide evidence of or attest to having a background check policy on all of their employees and contractually agree to ensure anyone sent to your site has passed a background check. 
    3) There should be notice if a vendor is on site on an operational floor or specific area so that other employees are aware that they are there and can monitor them while in the building unless the vendor is being escorted (preferred by our group).

    To use your vendor examples- If we have a tech coming to fix a printer on the open floor, the facilities or tech employee will escort them to the printer, and then depending on the length of time that it takes, they will either stay in the area with the vendor or they will let the surrounding employees know who they are and that they are going to leave for a bit while he works but will come back shortly and leave his contact information in case they finish early or need something. For Iron Mountain who picks up shred from various buildings and locations, we have someone from each building walk with them as they retrieve the bins and attend the shred on site.  Other companies may issue a temp badge with a tracker on it so they can ensure no one was wandering to where they had no business being. Our company has segregated access to different production floors, conference rooms etc. so unless you have a badge with access parameters you have to be let into any area in the building. 
     Some of these should be part of your organization's overall Corporate and facilities policies and procedures to ensure risk is mitigated. 
    I hope that helps!!

    ------------------------------
    Jenn Wilkinson
    Vice President
    Strategic Vendor Management
    Cenlar FSB
    ------------------------------



  • 6.  RE: Offboarding vendor questionnaire

    Posted 07-29-2022 09:49 AM

    Thanks Jennifer for the information. 

     

    By chance can you share your facilities policies and procedures with me?  I am just looking for a way to explain to the branch managers what is at risk and who they need to be escorting. 

     

    Thanks again.

     

    Kim Beesler

    VP | MIS Specialist

    [Contact information removed by Community Manager for privacy reasons. Please message the member directly for their email or phone number]








  • 7.  RE: Offboarding vendor questionnaire

    Posted 07-29-2022 12:19 PM

    Hi Kim,

    We have a tiered system for vendors/suppliers, depending upon their function and what parts of the building they need to access in order to do their work.  Depending upon their level of access, they will either be required to sign a confidentiality agreement or a vendor security briefing.  Anyone with access inside the building will also be issued a badge that (depending upon badge color) will allow them access to certain areas.  The badge must be visibly displayed at all times while they are inside the building.  No vendor badge will allow access to either the server room or the mailroom.

    Employees are issued either a yellow badge (regular employee) or a green badge (temporary employee).  If the employee's job requires them to have access to the server room or the mailroom, their badge will be programmed to allow that access.  Employees who do not need to access the server room or the mailroom have no access to those areas, and can only enter those areas when accompanied by an authorized employee.

    Vendors who only work outside the building (lawn mowing, snow removal, window washers) are not required to sign anything, and are not issued any badge.

    Vendors who need access inside the building for just a short time (dropping off paper supplies, delivering or picking up packages, or potential vendors coming for a face-to-face meeting with an employee) are issued a red badge.  The red badge does not allow them access through any secured door.  Their access would be only to hallways, restrooms, the lunch room, and the entry lobby.  The red badge also means they must be escorted at all times by one of our employees.  These vendors would not be asked to sign anything.  They would leave a driver license or other photo ID at the security desk in the main entry lobby in exchange for their badge, and would get the ID back when they returned their badge and left.

    Vendors who need unescorted access inside the building, including into employee work areas (which are behind secured doors), would be issued an orange badge, which would allow them to get through the electronically secured doors, and they would have to sign a confidentiality agreement.  These vendors would include the cleaning crew, or electricians, or people who need to pick up outgoing mail, and people who install or repair doors or windows, or need access to the HVAC equipment on the roof.  These are people who would not need to have access to confidential information in order to do their work, but might inadvertently see it on desks or overhear conversations that contained confidential information.  If these people need access to the mailroom where mail is printed (such as vendors performing printer maintenance or repair), they would need to be accompanied while inside the mailroom.

    Vendors who need unescorted access inside the building, and who also need access to confidential information, would include auditors or regulators.  This might also include people who need access to portions of our network, such as our phone software system provider.  These people would have to sign a vendor security briefing which provides more detailed restrictions, such as not transferring confidential info onto portable devices like thumb drives, not sending sensitive info outside of the network via email, and not uploading anything into the network without prior approval.  These vendors would also get orange badges, and those badges would still exclude them from sensitive areas like the server room and the mailroom.  Vendors who need access to the server room to perform their work would still get an orange badge and still have to sign the security briefing, but while inside the server room they would have to be accompanied at all times by an employee authorized to access that area.



    ------------------------------
    Ivan A. Martin
    Senior Contract Administrator
    Iowa Student Loan
    ------------------------------