Effective vendor management is a significant undertaking. From due diligence and contract reviews to performance tracking and ongoing monitoring, maintaining reliable third-party relationships requires a structured framework for vendor management. Review some of the key steps of a successful program with this list of common vendor management terms and concepts.
The verification of the identity of an individual, system, machine, or any other unique entity
The process of allowing access to specific areas of a system based on the role and needs of the user
Certified Information Systems Security Professional review of the SOC report
The process of determining how important (or critical) the vendor is to the organization; drives the level of due diligence required
Certified Public Accountant review of the vendor’s financial statements
The process of investigating a new or existing vendor; includes gathering important information about the vendor (e.g., financials, processes, procedures, SOC reports, and other data), performing risk assessments, and implementing a process for assessing vendors before signing contracts
An agreement between two parties where the contract is automatically renewed at the end of the term
A vendor’s third party or service provider
Processes and structures implemented to communicate, manage, and monitor organizational activities
The influence and effect of a risk
A primary control that is essential for a business process; typically takes place during the process it applies to
The probability of a risk occurring
The necessary steps, or action items, to reduce the likelihood and/or impact of a potential risk
A potential event or action that would have an adverse effect on the organization
An important control that typically takes place after the process it applies to (i.e., reporting or ongoing monitoring)
System and organization controls reporting; provides assurance that the information a vendor processes remains private and confidential
A non-essential control that can still be applied effectively to a business process
The individual in an organization who is responsible for the vendor (typically a primary user)