What Is Vendor Monitoring?

It’s a common misconception that “vendor monitoring” and “vendor management” refer to the same thing. The two terms are often used interchangeably, but each has its own separate objective and duties. To put it simply, vendor management is the overall process of handling vendor relationships, while vendor monitoring is a step within this process.

Let’s start with a quick overview.

What Is Vendor Management?

Vendor management is the process of identifying and handling the third-party companies who provide significant products and services to an organization. It involves a number of responsibilities including controlling costs, ensuring service excellence and mitigating risk throughout the vendor lifecycle.

What Is Vendor Monitoring?

Vendor monitoring, also known as ongoing monitoring, is a vital component of the vendor management process that is often overlooked. After selecting a vendor and signing a contract, it’s just as important to maintain visibility over the vendor relationship. This includes monitoring the third party’s controls that are put in place to mitigate risk, and its ability to meet service level agreements and other contractual terms.

Risk mitigation is one of the core responsibilities of vendor monitoring. Here are some areas of third-party risk to consider:

• Data breaches
• Litigation
• Changes in executive leadership
• Faulty security controls
• A lack of disaster recovery testing
• Poor financials
• And much more…

In addition to mitigating risk, vendor monitoring also involves due diligence, or the collection and assessment of various vendor documents. Here are 6 vendor items that you should be reviewing on a regular basis:

1. Financials
2. Business continuity and disaster recovery plans
3. SOC reports
4. Risk assessments
5. Complaints
6. Public news

Automate Vendor Monitoring

Vendor monitoring can be a very cumbersome and time-consuming task. Fortunately, there are some helpful industry tools to automate the process and ease the burden. 

Here are two options that may be helpful:

1. ArgosRisk -This system can identify early signs of vendor risk and will alert you of any that may need your attention.
2. Security Scorecard - Assists by monitoring your vendor’s security posture which helps identify vulnerabilities, active exploits and advanced threats.
3. BitSight - Allows you to see a high level of visibility into key risk factors and analyze data on a continuous basis to spot security issues with your vendors.

Ongoing vendor monitoring is often a forgotten step within vendor management, but it’s an extremely important component of any program. When performed correctly, it can protect your organization from unnecessary risk.

Ongoing monitoring for vendors is important, as you just learned. Learn 6 ways you can improve your processes. Download the infographic.