We provide more than just great software.

Whether you need assistance completing vendor onboarding reviews and due diligence reports, reviewing vendor social media and complaints, or managing certain key activities of your TPRM program, we’re always here to help you.

Vendor evaluations done right so you don’t have to worry.

Vendor Evaluations and Due Diligence

Onboarding Review Package

One of the most popular requests from our customers is to help them perform a comprehensive due diligence review of a new vendor. Often, this is time-critical and needs to be completed quickly. The reviews, analyses and reports included in the Onboarding Review Package include several VendorEval™ reports:

  • Vendor OFAC/SDN check
  • Vendor News Search and Review of Recent Risk Alerts
  • Vendor Financial Review
  • Vendor Control Audit Review
  • Vendor Information Security Review
  • Vendor BCP/DR Plan and Test Results Review
  • Vendor Certificates of Insurance Review (COIs)
  • Vendor Compliance Review

In addition to the reports above, we include a one-page vendor summary so your project team can quickly review and approve the vendor or document findings and refer them to remediation.

Each of the above VendorEval™ reports can also be purchased separately:

Vendor Evaluations and Due Diligence

Vendor Financial Review

Our vendor financial review report provides you with a credit-based analysis of the vendor’s financial strength and stability, including liquidity/solvency and bankruptcy predictors. Our multi-year analysis analyzes trends and examines key financial ratios and critically rates the vendor across several different categories of financial performance including:

  • Profitability
  • Capital Adequacy
  • Debt to Assets
  • Quick Ratio
  • Z-Score

An overall composite financial review score is presented for the vendor and the vendor’s full financials are included within the report.

Vendor Evaluations and Due Diligence

Vendor Control Audit Review (SOC1, SOC2)

Our vendor control audit reports save you a significant amount of time and energy. Our vendor evaluation specialists have reviewed hundreds of control audit reports from vendors and know what to look for and how to assess the findings and results in vendors’ control audits.

In addition to a narrative, quantitative scores are presented for each major component of the vendor’s control audit report, including:

  • Fourth Parties
  • Audit Opinion
  • # of Exceptions
  • Exception Severity
  • Management Response

Each exception is treated individually and both the severity of the exception and the management response is considered in the ratings.

An overall composite Control Audit score and interpretive opinion and recommendations for consideration are provided.

A separate report segment of our Control Audit Review Report documents Complementary User Entity Controls and Subservicer Controls. This allows an organization to document the alignment of their internal control environment to the prescribed vendor controls, and maintain all documentation within one report set.

Vendor Evaluations and Due Diligence

Vendor Information Security Review

Our vendor information security report allows your organization to focus your analysis on vendor Information Security exceptions we identify for you. Our reports are based upon a review of the vendor’s response and the documents they provide to our VendorInsight® Information Security Questionnaire (VISQ). This questionnaire has been developed and refined by VendorInsight® over the past several years and incorporates key elements of the NIST (U.S. Commerce Department, National Institute of Standards and Technology) Information Security framework which is widely recognized for its comprehensiveness.

In addition to a narrative, quantitative scores are presented for each major component of the vendor’s information security posture, including:

  • Security Program Documentation
  • Logical/Physical Security
  • Cyber Security
  • Incident Management
  • Compliance/Third Party Oversight

An overall composite information security score, an interpretive opinion on exceptions, and recommendations for consideration are provided.

Vendor Evaluations and Due Diligence

Vendor BCP/DR Plan and Test Results Review

Our vendor business continuity planning and disaster recovery (BCP/DR) report tackles the often-difficult task of understanding a vendor’s BCP/DR practices and testing vigilance. Our report is based upon the vendor’s response and the supporting documents it provides in response to the VendorInsight® Resiliency and Recovery Questionnaire (VRRQ). This questionnaire has been developed and refined by VendorInsight® and incorporates key elements defined by regulations as being fundamental to the knowledge of a vendor relationship.

In addition to a narrative, quantitative scores are presented for each major component of the vendor’s resiliency and recovery posture, including:

  • Plan Overview
  • Testing Practices
  • Alternative Facilities/Backup
  • Communication
  • Other

An overall composite BCP/DR score, an interpretive opinion and recommendations for consideration are provided.

Vendor Evaluations and Due Diligence

Vendor Certificates of Insurance Review (COIs)

VendorInsight® can help you gather, review and maintain your vendors’ proof of insurance. Certificates of Insurance (COIs) are uploaded into the VendorInsight® system as they are determined to satisfy policy requirements for insurance coverages. Our written opinion about coverage amounts and the scope of the policies is summarized in our Vendor Evaluation Summary report for you.

Vendor Evaluations and Due Diligence

Vendor Compliance Review

Our vendor compliance report provides your compliance officers with valuable visibility into a vendor’s operations as it relates to the vendor’s adherence to laws and regulations. Our report is based upon the vendor’s response and supporting documentation submitted in reply to our VendorInsight Compliance Questionnaire (VCQ). This questionnaire was developed by VendorInsight® in 2018 with extensive input from our customer community and incorporates key elements defined by regulations as being fundamental to the knowledge of a vendor relationship:

  • Compliance Program
  • Monitoring and Testing
  • Training
  • Reporting
  • Legal/Management/Other

An overall composite BCP/DR score, an interpretive opinion and recommendations for consideration are provided in the report.

Schedule a demo today.

Webinars are held weekly and scheduled to accommodate your needs. Give us a date and time and a VendorInsight® representative will contact you to confirm your request.

Monitoring and Alerting

Upgrade your vendor news monitoring and alerting.

We understand the ongoing requirement to monitor vendor news and market events and have been a leader – since the introduction of VendorInsight® in 2008 – delivering relevant risk content, screening news and market information, and issuing risk alerts to our customers for their critical and high risk vendors.

Reading and monitoring all of your vendor news to identify emerging risks is time consuming. Every day, our research team screens multiple news outlets, press releases, web sites, regulatory sites, public databases and social media. We archive all of our research for you and issue risk alerts to notify you about important events.

You want visibility. We provide access to your vendor news articles through the VendorInsight® software. Important news monitoring risk alerts are also delivered as email notifications to you and your team daily.

Some of our key vendor monitoring risk alerts include:

  • Regulatory Sanctions
  • Data Breaches
  • Financial Deterioration
  • Lawsuits that may expose the vendor to a material loss
  • Intellectual property infringement allegations
  • Changes in executive leadership

VRM Pro™ Outsourcing

Take our vendor management services to the next level with VRM Pro™ Outsourcing.

Whether you simply want to save time or just don’t have the staff or expertise to keep up with everything, every day, VRM Pro™ Outsourcing may be the right choice for you. We’ll manage the following to give you peace of mind:

  • Vendor contract and records input and maintenance
  • Vendor contact information and geographical locations
  • Vendor due diligence requests and follow ups
  • Due diligence reviews and preparation of findings reports
  • Facilitation to complete vendor inherent risk relationship profiles
  • and more!

Schedule a demo today.

Webinars are held weekly and scheduled to accommodate your needs. Give us a date and time and a VendorInsight® representative will contact you to confirm your request.