Vendor on-site visits can be a useful tool as part of initial due diligence or ongoing monitoring. Each on-site visit will be unique depending on the product or service provided and the controls your organization needs to verify.
From a checklist perspective, starting with these basic categories is a good starting point. For each visit, identify the controls, risk management practices, documents, etc., that you need to review for that specific vendor
q Meet with Management Teams and Employees
q Review expectations for vendor
q Observable controls: Identify the controls you can only verify through in-person observation. Examples include
o Security cameras
o Restricted area access management
o Employee safety practices and equipment
o Health and safety systems
o Location and security of server rooms
o Clean desk, locked computer
o Packing and shipping processes
o Compliance with safety codes
o Treatment, storage, and end-of-life management for hazardous materials
o ADA Accessibility
q Data or Documents that can only be viewed in person/on site
o Safety certificates or calibration stickers on equipment
o Sensitive or confidential plans
q General Observations
o Location and security of the facility
o Cleanliness and organization of employee workspaces and production areas
o Condition and cleanliness of common areas, including meeting rooms, restrooms, and employee break areas
o Condition of furniture, equipment, and tools used by employees
o Safety and condition of parking areas
With these basic categories, your team should be able to build out comprehensive and vendor-specific vendor on-site review checklists. I would love to hear what other members would add to this list.
Sent: 03-15-2023 07:15 AM
From: Anonymous Member
Subject: On-site Due Diligence Checklist for Business Process Outsourcing
This message was posted by a user wishing to remain anonymous
We are trying to setup a governance framework on our Centers of Excellence that includes a periodic on-site due diligence.
Does any have or can guide me to a periodic on-site Due diligence checklist for Business Process Outsourcing that covers multiple processes.
Thank you in advance!