Selecting the right vendors to work with is a critical first step within the vendor risk management process. Before selecting a vendor, use due diligence to verify the following areas of the partnership (note that this list isn’t exhaustive):
- Performance history
- Financial health
- Market reputation
- Policies in place within the vendor organization
- Stakeholders and board of directors
- Civil or criminal lawsuits against your vendor or its stakeholders
Armed with this information, develop a risk assessment profile identifying the possible risks.
Next, establish a risk management strategy including the necessary steps to mitigate those risks. If your organization already has a strategy in place, note that you may need to add or modify a clause in the document for each vendor with whom you’d like to work. Once the strategy is in place, utilize it for a periodic vendor review.