Third-Party Vendor Due-Diligence Checklist - Aavenir

Upload by : Camden Erdman

CHECKLIST

Third-Party Vendor Due-Diligence Checklist

Thoroughly vet potential vendors using a vendor due diligence checklist to mitigate risk in the vendor selection process.

www.aavenir.com

Introduction

In a world that seems to grow more prone to data breaches and identity theft by the day, what can you do to protect not only your information but that of your customers as well? Your customers entrust you with a lot of sensitive data, so the vendors you work with must have safeguards in place to keep this sensitive and confidential data secure. Vetting and choosing vendors is one of the most important decisions you’ll make for your business, especially when it comes to third-party information security.

Once you’ve narrowed your vendor options to those that can support the organization’s needs, it’s time to gather the information that will help you take a risk-based approach to vendor selection – this is the Third-Party Vendor Due Diligence Process. This information enables you to rank potential vendors' risks to your organization, strengthening your organization and protecting you from insecure or irresponsible vendors.

Vendors could do everything from running your call center to storing your data, monitoring your systems, or destroying your records. Yes, you can outsource a process or a department to vendors – but you can never outsource risk. Vendors inherently pose some level of risk to your organization, irrespective of their market reputation – especially financial risk, operational risk, reputational risk, and cyber risk – because they have access to your data, network, hardware, cloud, and more. This is why you must thoroughly vet potential vendors using a Third-Party Vendor Due Diligence Checklist.

Third-Party Vendor Due Diligence Checklist

We’ve compiled this Third-Party Vendor Due Diligence Checklist to give an overview of the types of information that should play a role in procurement decision-making. Not every item in this checklist is necessary, but the more you complete it, the more thoroughly you’ll mitigate risk in the vendor selection process.

General Information
- Articles of Incorporation
- Business License
- Mission Statement
- Comprehensive List of All Services
- Location(s)
- Proof of Location(s)
- Overview of Company Structure
- Biographical Information of Executives
- List of Subcontractors

Insurance
- General Liability
- Cyber Insurance
- Insurance Specific to Services

Information Security Technical Review
- Internal or External Audit Reports
- Penetration Testing Reports

Financial Review
- Annual Report (if publicly traded)
- Tax Documents
- Loans and Other Liabilities
- Major Assets
- Principal Owners

Reputational Risk
- Code of Conduct
- Litigation History of Company and Key Individuals
- Negative News Reports
- Complaints and Negative Reviews
- Reports from Agencies like the CFPB or BBB

Risk Assessment
- Network and Data Flow Diagrams
- History of Data Breaches and Security Incidents
- Site Visits or Other Tests to Assess Physical Security
- Business Continuity Plan
- Disaster Recovery Plan
- Security Awareness Training Performance

Policy Review
- Information Security Policy
- Privacy Policy
- Change Management Policy
- Vendor Management Policy
- Data Retention and Destruction Policy
- Hiring Policy

Choosing a Compliant Vendor

Once your potential vendors have submitted their responses to the Third-Party Vendor Due Diligence Checklist, you may be in one of the following situations:

- A potential vendor is not willing to submit responses to a few important criteria in the checklist. Depending on the nature of your criteria, you may have the right to be suspicious of their processes and determine that they do not understand your standards.
- A potential vendor submits the response, but their evidence proves they pose a significant risk to your company, and it is unreasonable to try to mitigate it. Cross them off your list!
- You have more criteria based on a potential vendor’s initial responses. Ask them! If they want your business badly enough, they will cooperate with your due diligence process.
- One potential vendor’s security processes stand out among the rest – your choice is easy!

What’s next?

As you work to ensure that your company has the proper safeguards in place, as well as to vet existing and potential vendors, here are some questions to guide your thinking:

- Are you taking every reasonable precaution with your customers’ data? Are these controls documented? Periodically reviewing the protections you have in place today—and proactively making any needed changes or upgrades—can help ensure that the information you store is secure in the future.
- Do you have more than one vendor providing a similar service? How many of your vendors have access to sensitive data? Assessing your current suite of vendors is an easy way to detect potential redundancies and minimize unnecessary access to your customers' data.
- Have there been any red flags you should address? If so, don’t leave anything to chance. Investigate warning signs promptly to ensure that your vendors continue to meet your security standards.
- If one of your vendors experiences a data breach, how do you plan to shut off the data flow and communicate the issue to your clients? Identifying and planning for potential threats ensures that you are prepared for any scenario.

Ultimately, it is your decision whether to entrust this information to a third-party vendor. Remember that you are your own most-trusted ally for controlling the flow of data to your vendors. By following the Third-Party Vendor Due Diligence Checklist for vetting your vendors, you will have the information you need to make an educated decision and guarantee compliance with applicable laws and regulations.

Have more questions about vendor relationships and how they can impact information security? Want to put Aavenir through your Third-Party Vendor Due Diligence Checklist? Let’s talk today!

Elevate Your End-to-end Vendor Management Experience on ServiceNow

Are you willing to enable end-to-end vendor management through collaboration portals and minimize the complexity of supplier onboarding and engagement across all sourcing and procurement processes? Get a custom demo of the Aavenir software and find out how you can manage your vendors for better business results.

About Aavenir

Aavenir revolutionizes age-old procurement processes with AI-enabled Source-to-Pay solutions including RFPflow, Contractflow, Obligationflow, and Invoiceflow. Built on ServiceNow, Aavenir solutions streamline procurement, legal, and accounts payable work processes using the latest technologies such as AI, ML, and NLP to eliminate manual work, accelerate cycle time, and reduce dependency by offering smart suggestions based on historical data. For more information, please visit www.aavenir.com

Explore Aavenir Source-to-Pay Solutions on ServiceNow

Aavenir RFPflow
Aavenir RFP/RFI/RFQ management software accelerates the vendor qualification process using milestone-based RFX-to-award workflow and collaborative vendor scoring.
- Create RFP/RFI/RFQ
- Request Responses
- Score Responses
- Award-a-Bid

Aavenir Contractflow
Aavenir Contractflow (CLM) enables enterprises to efficiently create and manage bilateral contracts for procurement, sales, services, legal, NDA, HR or any other type of internal and external enterprise operations.
- Create Contract
- Review & Negotiation
- Approval & E-Signature
- Dashboard & Reports

Aavenir Invoiceflow
AI-enabled Aavenir AP Automation solution learns an organization’s unique invoice patterns to simplify invoice coding, automate invoice data entry, and identify exceptions to ensure data accuracy.
- Import Non PO & PO Invoice
- Automated Invoice Data Entry
- Invoice Approval Workflow
- Dashboard & Reports

Get Started www.aavenir.com contact@aavenir.com twitter.com/aavenirInfo linkedin.com/company/aavenirinfo

