Vendor management policy

---

The criticality of risk increases when an organization outsources to a wider ecosystem of vendors and partners. 

A vendor management policy is a critical component of an organization’s compliance risk management strategy.  It is one of the best practices for any organization that works with Personally Identifiable Information (PII) and sensitive data to develop a policy to review all the vendors, such as third parties, contractors, or an associate with whom an organization does business. 

A vendor management policy, developed and overseen by a cross-company team, will help an organization evaluate its current vendors according to the risk level and assess potential new vendors for adherence to appropriate cybersecurity practices. 

A successful vendor management policy will also establish processes for continuously monitoring third-party and fourth-party service providers to ensure their ongoing adherence to an appropriate level of security.