Vendor Risk Management Program
eSentire shall review, assess, and assist the Client in developing a Vendor Risk Management Program to ensure Client can review and assess third party providers to reduce and mitigate any risk that may be introduced by third party vendors. This project will include the following key steps:
- Review and assess Client’s current methodology (vendor classification, etc.) and due diligence questionnaires for Vendor Risk Management.
- Assist in development and provide guidance in execution of a consistent Vendor Risk Management Program to limit third party risk.
- Initial (baseline) assessment and review of existing vendor due diligence processes.
- Meetings with subject matter experts or Client designate(s) to review and assess current due diligence process(es) and questionnaire(s).
- Development of a pragmatic Vendor Risk Management Program.
- Executive Summary on findings and recommendations for future changes to Vendor Risk Management Program.
- Guidance and assistance, as necessary, on the continued execution of the Vendor Risk Management Program including involvement in review of due diligence questionnaires and/or involvement in due diligence conference calls to review vendor risks.
Client acknowledges and agrees that it is its responsibility to conduct the actual vendor interviews and data gathering process.