Best Practices: Retrieving Data from Vendors

There are a lot of reasons why a relationship with a third-party vendor could be terminated. In that case, your vendor-stored data could be vulnerable. 

The service requirements of your business often need to continue, but the risk is that data could be accessed by unauthorized users after contract termination. Another fear? That vendors may improperly dispose of documents that contain a customer’s confidential information, leaving that data at risk of being located and stolen.

In the event of contract termination, it’s important to immediately retrieve your company’s data. However, to do this, you need to have the proper failsafes in place prior to contract termination.

Create a plan to receive your data

To plan for any contingency, follow these eight best practices to protect your data:

  1. Know specifically where your data resides and where backup sites are located.
  2. Define what is and isn’t confidential information.
  3. Include a service agreement with an exit clause that enables you to retrieve your data at any point in time.
  4. Plan how you will you retrieve your data, either through a web interface for you to download, or in a physical format.
  5. Create a timeline for retrieving your data, including how long the data should be kept after the service of the vendor expires.
  6. Request both digital and physical data be destroyed or sent directly to you.
  7. If data is returned, you should have a plan about where to store or archive this information.
  8. Perform regular audits, monthly or quarterly, to evaluate where data is stored as the vendor could change the location.

Infographic: Guidelines for Effective Vendor Onboarding

Mitigate risk while building strong vendor relationships.

Manage your data throughout a vendor relationship cycle

In this fundamentally digital age, it’s vital to track, monitor, and protect your data in case a once-trustworthy third-party vendor relationship has to end. Ultimately, you’ve got to plan in advance for a worst-case scenario if a vendor relationship can’t be saved.

Even if it’s an extremely trusted vendor relationship with no sign of trouble on the horizon (as in, a beloved family member is the vendor, and you’d never have a falling out!), you should still be tracking the data they have in their hands…just in case.

It’s essential to have a capable tool in place, from a provider that understands everything about vendor management and can guide you on how to plan for contract termination. Utilize a vendor risk management solution that manages your data through the entire lifecycle of a vendor relationship.

If a vendor relationship does have to be terminated, a VRM solution can provide you with a document and records archive. And you’ll benefit from the ability to preserve and document your risk management activities, as well, in case of an audit.

Defend yourself against vendor and enterprise risk

Learn about our best-in-class VRM/ERM solutions.