Creating a Vendor Management Policy and Why You Need One

Table of contents

  1. Why your organization needs a vendor management policy
  2. How do third-party relationships introduce more potential risks?
  3. Why continuous monitoring is a must for any vendor management program
  4. What are the consequences of not having a vendor management policy?
  5. How to create a vendor management policy
  6. What should a vendor management policy include?
  7. How to assess new vendors with a vendor management policy
  8. How UpGuard can help you manage your vendor risk

1. Why your organization needs a vendor management policy

2. How do third-party relationships introduce more potential risks?

3. Why continuous monitoring is a must for any vendor management program

4. What are the consequences of not having a vendor management policy?

5. How to create a vendor management policy

  • have access to sensitive data or personally identifiable information (PII)
  • have access to your internal network
  • your organization relies on for important business activities

6. What should a vendor management policy include?

  • Service level agreements (SLAs)
  • Vendor compliance standards
  • Acceptable vendor controls
  • Vendor liability in the event of a data breach
  • Vendor review (SOC 2 report, site visits and auditing requirements)
  • Termination of contract when security requirements aren’t met
  • Board or senior management oversight where needed
  • Disaster recovery and established redundancies for important business functions

7. How to assess new vendors with a vendor management policy

8. How UpGuard can help you manage your vendor risk

UpGuard

https://www.upguard.com — UpGuard combines third-party security ratings, vendor questionnaires, and threat intelligence in a single cyber risk solution.