Due diligence requires investigation into a vendor’s ability to meet the requirements of the proposed service and an inquiry into the vendor’s financial ability to deliver its promise. When performing due diligence process for vendors, you should consider the following areas:
1.Business model area: does the business model for this vendor make sense? In other words, how do they run their business?
2.Financial aspect: is the vendor financially solvent? Is there a huge debt? Find this out before you sign a contract.
3.Legal issue: are there any lawsuit pending that can take the vendor’s down?
4.Operation: do they have appropriate operational team to support you? Does it comply with the regulatory requirements?
5.What about the vendors’ own third party?
6.Human resources: how are they training their staff?
7.Information Security: this includes vulnerability test and penetration test.
8.Reputation or, the public’s opinion about the vendor’s business model: what’s the public perception about the vendor?
9.Business Continuity planning: don’t just ask if the vendors have plan, ask to see their plan, and ask to participate in BC exercise (to see strength and weakness in their business model), and ask for the result of the exercise.