Vendor Management

I need to revamp our vendor management procedures. Does anyone have anything they could send me to look at? It was recommended to us that we make it more detailed. What do we need when we are beginning a new contract and then what do we need to do annually. If anyone has any inforamtion I'd appreciate it. You can PM and I can email you with my email address.

Thanks,

It's not a policy and you may have seen this already ... but if not ... the FDIC issued guidance on third-party/vendor oversight programs in the FIL below ... this may be helpful.

http://www.fdic.gov/news/news/financial/2008/fil08044a.html

Thanks, where can I get SAS 70 information. It is not posted all all critcal websites. Can I go out somewhere to get that information?

You will need to contact each vendor and request a copy of their SAS 70 report. I would also request a copy of the management response to the SAS 70, or some sort of follow up report on any exceptions noted in the SAS 70.

From the link above:

"Evaluate the third party's financial condition at least annually. Financial review should be as comprehensive as the credit risk analysis performed on the institution's borrowing relationships. Audited financial statements should be required for significant third-party relationships."

Our new host for our website is refusing to give us their financials for review. They say we have no need for them. We've talked to them about the reasons why but they refuse. I may print out the info on the link above but does anyone know of something better that can prove to this company that we in fact need their financials or any advice you can help me out with? They're either stingy with them or possibly financially struggling..

Your new host? I don't know how you could make a decision to move your web hosting without reviewing financials. That should be part of your due diligence outlined in your vendor management policy. If the contract is signed already and there is no language in there to require financials, I guess you're stuck.

The first web host we used would not provide financials as they we were privately owned and didn't want to. When the regulators came out with all the vendor management requirements, we switched.

Old host gave us 3 days to find a new host because they decided to pack it up last minute.... IT guys had to make a quick switch.. mess...