Vendor Management Review

Vendor Management Reviews – Because You Can’t Outsource the Responsibility of Risk

If you rely on vendors for key outsourced services, you should have a well-designed vendor management process that includes a periodic vendor management review. While you can outsource specific activities and functions, it’s important to remember that you can’t outsource responsibility for the risks associated with those activities or functions.

Your customers rely on you to protect their critical data, such as account numbers, medical records and credit card information. At the same time, your employees rely on you to protect their non-public customer information, such as Social Security numbers and bank account information used for payroll purposes. It’s possible you might also be relying on vendors for data backup, data center services, managed network security services, or other key services that support your business. With everything you place in the hands of third parties, a vendor management review is essential.

A Holistic Approach to Vendor Management

At PKM, our vendor management reviews are designed to take a holistic approach to auditing your vendor risk management process. We begin by determining how you have identified key vendors and whether any vendors have been omitted from your risk assessment process. We then examine your overall vendor risk management process to determine whether the various risks have been considered, including:

  • Strategic risk
  • Transactional and operational risks
  • Legal and compliance risk
  • Reputational risks

All of these risks are assessed within the context of the nature of the transactions processed or data stored at a particular vendor.

Our approach to vendor management reviews is unique in that we ensure the board of directors and key stakeholders are aware of the results of the process and can act upon any issues we may have identified. We deliver a formal report, which will include any findings and related recommendations identified during the vendor management review. Based on our experience, we know a strong vendor risk management program can help a company reduce risk and liability to ensure a smooth continuation of business activities.
