Hi All,

I have been given the task of re-vamping our Vendor Management program. We have recently gone through a merger and the policy my bank had was very thorough at about 12 pages long. The policy that has recently been accepted is 3 pages inlcuding procedures.......I would like to fall somewhere in the middle, but I am not sure where to start and niether of the policies have been through any recent audits.

Would anyone be willing to share their vendor management policy/procedures?

Any insight would be helpful.

I too would appreciate anything on Vendor Management that anyone can offer. Thanks!

At a minimum, be sure you're reviewing every one of your significant service providers' financials and SAS 70's at least annually (and presented the the Board of Directors). Also, be sure you're addressing any/all client control considerations in all of your sig. svc. providers' SAS 70's in a formal document that is reviewed annually (and presented to the BOD). Be sure your policies/procedures spell out all of these annual reviews and presentations to the BOD explicitly. Also, review your vendors' business continuity plans/be sure they have addressed disaster planning, pandemic planning, etc. Review every contract you have with all vendors (not just your significant service providers). Document the review, document when the contract expires, document whether or not that vendor has access to any confidential information, document whether or not that vendor has a confidentiality clause/statement in their contract or as an addendum to the contract with your bank, to satisfy GLBA.