Hi Michelle,
We outsource the periodic (and sometimes initial) reviews for all of our Critical and some of our Significant vendors each year to the company we use for our ERM Suite, (which includes Vendor Management). They collect and review documentation from the vendors, then provide us with a summary of their review, It covers 11 different areas (Business, Financial, Legal, Compliance, IS, Cloud Computing, Operations, Dependencies, HR, Reputation and Business Continuity).
We then review their summary, then meet with them and answer a set of Risk Assessment questions to determine if the vendor is a low, medium or high risk.
We are very happy with the service. Especially, because critical vendors can be complicated.
Does anyone currently outsource their third-party program or pieces of it- like initial and/or annual due diligence reviews? If so, who do you use... -posted to the "Due Diligence and Ongoing Monitoring" community
|
Community dedicated to third party risk professionals.
|
|
|
|
|
|
Outsourcing Due Diligence Reviews
|
|
|
|
|
|
Does anyone currently outsource their third-party program or pieces of it- like initial and/or annual due diligence reviews? If so, who do you use and what other considerations do we need to think about? How do you confirm their their review is correct/acceptable to your risk level? what do they review? How do they summarize/provide info back?
|
|
|
View Thread Like Forward Flag as Inappropriate
|
|
|
Disclaimer
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more Click Here.