IT Examiner School, Providence, RI

Vendor Management Core elements of vendor management:

 Risk Assessments  Due Diligence  Contract provisions and considerations  Oversight and ongoing monitoring of service providers  Business continuity and contingency plans

Oversight and Ongoing Monitoring

Management should monitor service provider performance and potential changes in institution requirements throughout the life of the contract. Monitoring should encompass:  Key service level agreements (SLAs) and contract provisions  Financial condition of the service provider  General control environment of the service provider through the receipt and review of audit reports and other internal control reviews  Disaster Recovery and Business Continuity Planning (and testing)