Policy, Program and Procedures

 View Only
  • 1.  Out of Scope

    Posted 06-15-2021 07:41 AM
    What types of products and services do you consider out of scope for third party risk management/vendor management?


  • 2.  RE: Out of Scope

    Posted 06-15-2021 09:07 AM

    Venminder has published some guidance on this topic which I've found helpful:

    https://www.venminder.com/blog/out-of-scope-third-parties
    https://www.venminder.com/library/determine-in-out-scope-vendors




  • 3.  RE: Out of Scope

    Posted 06-15-2021 02:14 PM
    Every organization will have its own list of entities excluded from its definition of vendor or excluded from the vendor management process. Some on the list will be unique to the organization's business. We exclude:
    • Employees or directors acting in that capacity
    • Entities receiving payment because of a Company issued insurance policy
    • Charities
    • Entities from which travel, meals and entertainment are purchased
    • Due paid to an association
    • Providers of magazines or periodicals
    • Governments or entities engage by the government
    The US Postal Service and public utilities are exempt from the oversight and monitoring process as well.

    You may also want to look at the responses on the recent Policy, Program and Procedures thread titled "Exception To TPRM Policy"




  • 4.  RE: Out of Scope

    This message was posted by a user wishing to remain anonymous
    Posted 06-23-2021 02:26 PM
    This message was posted by a user wishing to remain anonymous

    I understand that public utilities normally are out of scope because you recall cannot hold them accountable. What are some other examples of relationships where products or services are acquired 'as is'?


  • 5.  RE: Out of Scope

    Posted 06-23-2021 04:07 PM
    We consider the USPS and public utilities as exempt from the vendor management process. In addition we do not consider any governmental entities as a vendor.