Hi! I'm not from a law firm but I still think I can help as I've managed risk in both a regulated bank environment and in tech. The tiers I've used are Strategic, Preferred and Tactical. In short, Strategic have access to PII, they are not easily replaceable and can be a sole source vendor and the core business depends on the delivery of the goods/services provided by these vendors. We use a scoring methodology to classify vendors so there may be a couple other areas that feed into this classification as well.
Preferred would have access to confidential info but the business would not crumble without them. Think SaaS vendors, benefits vendors etc.
Tactical are easily replaceable and do not have access to data (caterers etc)
I hope this helps!
Original Message:
Sent: 02-01-2021 11:15 AM
From: Anonymous Member
Subject: Vendor Management Policy
This message was posted by a user wishing to remain anonymous
Good day. Hope this finds you all in good health.
Is anyone from a law firm willing to share vendor management policy and/or info as to how you established tiers for vendors? (i.e., what factors did you to apply to each tier so as to 'rank' your vendors?)
Appreciate any feedback. Thank you!