You've probably heard how important vendor management is to the success of your information security program. But it's important that you learn how to start a vendor management program and perform assessments for it so that each assessment supports your business.
Without a vendor management program, your compliance posture can fail. You'll have no visibility into the vendors or 3rd parties that help your business operate, you won't be able to demonstrate business continuity to your leads and customers, and you'll have a glaring gap in your overall risk posture.
So why, oh why, does almost every smaller firm I talk to have a laundry list of excuses for why they can't manage their vendors?
Maybe because, unless you're one of the few people who actually like understanding regulations or assessing risk, vendor management is painful! You have to find the regulation, work with parts of the business you'd rather avoid, and then find a way to manage all of this on an ongoing basis ... ugh, where do you even start?
Well friends, it's time to get your head out of the sand!
What or who is a vendor?
A vendor, or 3rd party, is a person or company that supplies products or services.
Why do I need to manage my vendors?
A business relies on its vendors to perform a set of functions or tasks for which its customers rely on them.
This means that, for example, a hospital system may need services or products from medical device companies or cleaning companies in order to fulfill the obligation of patient care. From that perspective, vendors need to be managed so that the business can continue to perform its specific objectives.
What is the vendor management program?
A vendor management program is a fancy way of saying: let's make sure that our business isn't impacted by the vendors or 3rd parties we work with.
How do I start a vendor management program?
Starting a vendor management program isn't as difficult as you think. If you follow these simple steps, you can be on your way in no time.
- Contact the person who pays vendors within your company; this is generally the finance department
- Obtain a list of vendors that the company has paid in the last year
- Ensure every vendor relationship is managed by an internal person within your organization
- Meet with your co-worker to understand what goods or services the vendor provides, how critical the vendor is to your organization and whether the vendor impacts your company's ability to function if they were no longer in business.
If you're ready to start a Vendor Management Program, contact us for free templates to get you started!