Rules to Receive CPE

Credit
BY ATTENDING TODAY’S SESSION, YOU ARE ELIGIBLE
TO RECEIVE 1 CPE CREDIT PER THE FOLLOWING
GUIDELINES:

In order to receive this credit, the following items MUST be

completed:

• Each person wishing to receive CPE Credit must log

into the session individually with their credentials
• You MUST answer ALL three of the polling questions
throughout the presentation
• You MUST be in attendance for the entire live 1-
hour session
• You MUST complete the follow-up survey regarding
the session

© 2024 Venminder, Inc. 1

Performing
a Complete Vendor
Contract Review PRESENTED BY

Kelly Vick
May 9, 2024 President
Venminder​

© 2024 Venminder, Inc. 2

Session Agenda

1 2 3 4 5 6
Key elements of Addressing Key Exit Common Key takeaways
the vendor fourth parties performance strategies contract
contract in your indicators and language and
contracts service level clauses
agreements

© 2024 Venminder, Inc. 3

The 5 Phases of Vendor Contract Management
The vendor contract management process is made up of several phases that lead to a
final agreement between your organization and the vendor:

Who should be involved in the selection of the vendor

Phase 1 Internal Planning
and has the authority to change the agreement?
Will you be working with standard contract templates?
Negotiating/Creating/
Phase 2 Who will approve the changes? Who is responsible for
Drafting
creating the contract?
Who is authorized to execute the agreement? Do they
Phase 3 Approving/Executing
understand the terms and risks?
Phase 4 Storing Where are your contracts housed?
Who is managing the contract throughout the life of the
Phase 5 Managing
relationship?

© 2024 Venminder, Inc. 4

Contract
Negotiation

NEGOTIATION IS KEY
Do not accept the first contract
you see.

It’s common to see changes and

special requests from both parties in
the contract.

© 2024 Venminder, Inc. 5

Critical Elements of a Vendor
Contract
CLEARLY OUTLINES THE SCOPE OF
SERVICES

• Support, maintenance, customer service

• Timeframes (for kickoff, implementation, etc.)
• Training
• The products/services the vendor will provide
• Rights and responsibilities

© 2024 Venminder, Inc. 6

Critical Elements of a
Vendor Contract CONTINUED

LOCATE PERFORMANCE CONFIRM THE DURATION

STANDARDS AND OF THE CONTRACT IS
ENSURE ADEQUACY CORRECT

Include relevant service level Verify the termination and

agreements, remedies, and any notification periods are
penalties if the SLAs are not met. appropriate and meet your
expectations.

© 2024 Venminder, Inc. 7

Critical Elements of a
Vendor Contract CONTINUED
ALWAYS LOOK FOR SECURITY AND
CONFIDENTIALITY PROVISIONS

Things to consider…
• Data ownership
• Safeguarding your data
• Breaches and how they’re managed
• Data destruction
• Geographical limits on where your
information can be stored
• Data segregation

© 2024 Venminder, Inc. 8

Critical Elements of a
Vendor Contract CONTINUED

LOOK AT THE AUDIT UNDERSTAND COMPLIANCE

REQUIREMENTS REPORTING WITH LAWS AND
REGULATIONS
Verify there’s a What reports will be
Dependent upon
description of audit made available to you? the location,
reports your organization Will there be any fees services,
is entitled to receive. for customizations or regulators, etc.
special requests?

© 2024 Venminder, Inc. 9

Critical Elements of a
Vendor Contract CONTINUED
VERIFY BUSINESS RESUMPTION AND
CONTINGENCY PLANNING
In today’s world, business resumption and
contingency planning language is a must-have in
your vendor contracts.

REVIEWING SUBCONTRACTING
Be sure the vendor outlines their policies around
subcontracting and require due diligence
documentation for any subcontracted vendors (your
fourth parties).

© 2024 Venminder, Inc. 10

Critical Elements of a
Vendor Contract CONTINUED

LOOK FOR OWNERSHIP AND LICENSE LOOK FOR REPS AND

INFORMATION WARRANTIES
It’s important to make sure there are protection rights This is standard disclaimer
for your organization outlined within the contract. This language seen in almost all
language should clearly describe the type of ownership contracts but there is a place
and license you’re being granted, what and how each for some warranties to be
of you are allowed to use each other’s data, system, outlined.
documentation, and any other intellectual property.
Both parties should want it very clearly stated if and
how each other can use the other’s name, logo,
trademarks, and other copyrighted material.

© 2024 Venminder, Inc. 11

Critical Elements of a
Vendor Contract CONTINUED

ENSURE YOUR INDEMNIFICATION CLAUSE IS

APPROPRIATE
An appropriately written indemnification clause
will hold your organization harmless from
liability due to a negligent vendor.

REVIEW THE LIMITATION OF LIABILITY

Determine how much you’re willing to lose (or be
on the hook for) should the vendor fail to perform.

© 2024 Venminder, Inc. 12

Critical Elements of a
Vendor Contract CONTINUED

LOOK FOR INCLUDE STANDARDS INCLUDE ONGOING MONITORING

PROVISIONS AROUND INCIDENT STANDARDS
AROUND DISPUTE MANAGEMENT Require the vendor to provide the
RESOLUTION Who will resolve and necessary due diligence
How and where will perform root-cause documentation for your organization
they be heard? analysis? to perform the appropriate level of
ongoing risk monitoring.

© 2024 Venminder, Inc. 13

Critical Elements of a Vendor
Contract CONTINUED
REVIEW GENERAL PROVISIONS
And, to bring it all home, review the general provisions…

You’re looking for provisions such as the following:

• Survival • Compliance with laws and

regulations
• Governing law
• Business continuity and resiliency And more, depending
• Contract conflict – order on the vendor
of precedence • Dispute resolution relationship in review,
• Severability • Ongoing monitoring as the provisions
necessary aren’t limited
• Failure to exercise/waiver • Customer complaint management to these.
• Regulatory supervision
© 2024 Venminder, Inc. 14
Managing Your Vendor Contract
Include a full mid-point review and add a proper negotiating
window.

EXAMPLE:
The more complex a contract is, the longer the window should be.
The review and negotiation window for critical and high-risk
contracts should be open at least 90 days before contract
expiration or renewal.

© 2024 Venminder, Inc. 15

POLL QUESTION

a. Yes, we have a mandatory contract

Does your third-party risk review process in place prior to
management program signing

include requirements/tasks b. Some vendor contracts are

reviewed prior to signing
to perform a thorough
c. We don’t have a formalized
review of the critical contract review process
elements of your contracts?
d. Other
e. Not sure

© 2024 Venminder, Inc. 16

Fourth-Party Vendor Contract Requirements
Some considerations to keep in mind when writing fourth-party
requirements into your third-party contract are:

STANDARDS • Business continuity and disaster

Your third-party recovery plans
vendor should • Information security and
actively manage privacy program
their third parties to • Compliance with all applicable
the same standards regulations, laws, and rules
that your
• Specific periodic review
organization would
intervals and ongoing
expect of them
monitoring requirements
around the following
areas: • Publicity and use of name

© 2024 Venminder, Inc. 17

Fourth-Party Vendor
Contract Requirements CONTINUED
CRITICAL
SUBCONTRACTORS
Your third-party vendor
should disclose all of their
current and known vendors
(subcontractors) which are
deemed critical in providing
their products and services to
you. The contract should also
specify whether your
organization’s approval is
required for changes to a
subcontractor.
RIGHT TO AUDIT
If in a regulated industry, or if
the third party is providing a
critical function for your
organization with access to
your confidential information,
include language that gives
you the right to audit your
third party – ensure that any
subcontractor data and details
supporting your services must
also be available for such
audit(s).
© 2024 Venminder, Inc. 18
Fourth-Party Vendor
Contract Requirements CONTINUED

ADVERSE EVENT ONGOING NONDISCLOSURE

MONITORING (NDA)
Your vendor should
REQUIREMENTS AGREEMENT
notify you of any
adverse, Your vendor should Your NDA with
reputational, legal, be held accountable your third party
or financial events to perform risk- should also extend
relating to your based monitoring to any fourth
fourth party. You and periodic due parties.
should stipulate the diligence for their
acceptable significant third
timeframe for the parties.
notification.
© 2024 Venminder, Inc. 19
Fourth-Party Vendor
Contract Requirements CONTINUED
A fourth-party vendor who accesses your
IDEMNITY AND INSURANCE
organization’s data should have the same
REQUIREMENTS FOR
cyber insurance coverage amount as your
FOURTH PARTIES
direct vendor.

RIGHTS TO PERFORM State if your organization forbids your data to be

ACTIVITIES OFFSHORE accessed or stored offshore and whether written
approval is required.

RETURN OR Be very specific with how your data will be handled

DESTRUCTION OF upon termination of the agreement. Explicitly state
CONFIDENTIAL all data, in whatever medium stored and whatever
INFORMATION location(s) stored, the disposal expectation, the
documentation required, and the timing around
the data handling.
© 2024 Venminder, Inc. 20
 POLL QUESTION

Within your contracts, do you a. Yes, with all contracted third-

party vendors
ensure your third-party
b. Yes, with some contracted
vendors are actively managing third-party vendors
their third parties (your fourth c. We don’t require these fourth-
parties) to the same standards party standards
that you contractually expect d. Other
of your third party? e. Not sure

© 2024 Venminder, Inc. 21

Service Level Agreements, Key Risk
Indicators, and Key Performance
Indicators

• One of the most essential concerns of any contract is

for both parties to identify and agree on what
constitutes acceptable performance, or satisfactory
quality related to the products, or services provided
by the vendor.

• While your organization is responsible for setting the

standards of appropriate service level agreements,
your vendor is ultimately required to meet them.

© 2024 Venminder, Inc. 22

Service Level Agreements
(SLAs)
• SLAs identify the most critical attributes of
quality, delivery, and performance, and are
differentiated from other measurements as they
usually carry a penalty for noncompliance.
• The penalty can be monetary in the form of
discounts or fines.
• It can also be non-monetary, such as losing
the right to compete for more business with
the organization.
• All SLAs must be clearly stated within the
contract, including the measurements,
thresholds, and penalties for noncompliance.

© 2024 Venminder, Inc. 23

Characteristics of
a Good SLA

• Holds your vendor to a high standard

• The measurements, thresholds, and
penalties for noncompliance are clearly
defined
• Helps protect your organization from
penalties and/or fines

© 2024 Venminder, Inc. 24

Key Risk Indicators (KRIs)
• KRIs are the conditions under which the
organization may request specific root cause
analysis, reporting, and mitigation.
• KRIs represent the thresholds that signal a
material risk is likely but hasn’t yet manifested.
• KRIs should be set at such a level that both
parties can recognize the necessity to urgently
address actual or potential problems.
• KRIs are beneficial for both parties. They
provide the vendor an opportunity to course-
correct before an SLA is breached and penalties
are imposed.

© 2024 Venminder, Inc. 25

Characteristics of a Good KRI

• Knowing details like the people, processes,

technologies, facilities, and more (attributes)
that are most important to continued
operational success.
• Identifying and ranking the risks, threats and
vulnerabilities, and the likelihood of them
occurring.
• Linking the key attributes to the most
significant risks to identify those of greatest
concern and monitoring them on an ongoing
basis.

© 2024 Venminder, Inc. 26

Key Performance
Indicators (KPIs)
• KPIs are other measurements used in defining
the overall performance level of the vendor.
• KPIs should be objective, meaning there is a
definable measurement that can be supported
by data. An example would be the "average
customer complaint resolution time" or the
"average answer rate".
• KPIs may also be subjective. Subjective KPIs
don’t reflect data supported measurements, but
instead are usually informed by someone’s
opinion.

© 2024 Venminder, Inc. 27

Characteristics of a Good KPI

• Simple and easily understood and

measured.
• Relevant and reflecting the organization’s
goals and objectives.
• Quantifiable and verifiable and based on
information that is easy to obtain.
• Achievable and realistic.
• Timely and allowing for feedback and
correction.
• Visible to relevant stakeholders.

© 2024 Venminder, Inc. 28

Objective vs Subjective KRIs and KPIs
OBJECTIVE
This refers to something that can be counted or
measured.
This metric is based on data, facts, and established
criteria with reliable outputs that are unchanging. ​
Examples include:​
• Number of high-risk vendors​
• Time to complete a risk assessment​
• Percentage of critical vendors​
• Volume of customer complaints​
• Percentage of vendors meeting SLAs
SUBJECTIVE
Subjective or qualitative metrics are something
observed, experienced, or felt. ​
Includes opinions, impressions, feelings, and
judgments. ​
Outputs are variable and can change depending
on the perspective of the individual.
Examples include:​
• Stakeholder satisfaction​
• Ease of use (TPRM software)​
• Usefulness of reporting
© 2024 Venminder, Inc. 29
KRI and KPI Examples
An example of an objective KRI
would be service availability
If your SLA states that the service must
be available 98% of the time and there
has been a recent pattern consistently
approaching that limit, with availability
hovering at rates of 95%-97%, the
organization would then have the right
to request the vendor investigates,
reports on, and if necessary, mitigates
the issue.
An example of a subjective KPI would be
suitability
Suppose your vendor replaces your account
manager with someone who doesn’t seem
knowledgeable about your business or has
little experience in your industry. In this case,
you may determine that the new account
manager isn’t suitable to service your business,
and that would reflect poorly on the vendor’s
overall performance. Use subjective KPIs
sparingly, if at all, as one’s opinion isn’t
considered fact and isn’t considered evidence
in the case of a legal dispute.
© 2024 Venminder, Inc. 30

An exit strategy is a means of
leaving one's current situation,
either after a predetermined
objective has been achieved
(contract has terminated), or as
a strategy to mitigate failure
(unplanned incident or default).
Including an exit strategy in the
contract helps ensures
minimum business and
customer disruption if the
relationship were terminated.
Exit Strategy
As you develop a formal exit strategy, consider the
following…
• Keep senior management/the board informed
• Discuss with experts in your organization
• Write out a detailed timeline
• Multiple alternatives, whether a sudden or gradual
unwind
• How data will be destroyed or returned to you
• How you’ll minimize service disruption to your
business and your customers
• If testing is possible, as you’ll want to test if you can
• Review the exit strategy periodically, annually, or
when significant change occurs
© 2024 Venminder, Inc. 31
Exit Strategy Considerations
USE A CHAMPION VS CHALLENGER
STRATEGY
Evaluate your continuing service
requirements. An exit strategy
should specify your organization’s
service requirements during the
transitional end of the vendor
relationship.
For example, some of these requirements may
include:
• The vendor’s obligation to continue providing
specific levels of performance during the
transition period
• Defined roles from your vendor during
transition
• Providing parallel services for a predefined
period during changeover
• Additional assurances surrounding the
confidentiality, integrity, and availability of your
data during the transition to a new vendor
© 2024 Venminder, Inc. 32
Exit Strategy Considerations
REVIEW DATA SECURITY AND
PRIVACY
Maintaining data security and
privacy is critical, even during the
transition from one vendor to the
next. Here are just a few data
security and privacy precautions
you’ll want to make sure are
accounted for:
• Secure transfer of all your
organizational and customer
data
• A mutually acceptable method
of data destruction
• Data Destruction Certificate
THINK ABOUT DECONVERSION COSTS
You’ll need to consider the financial impact of any
vendor termination before you sign the contract. Any
deconversion costs or conversion costs should be
specified in the contract upfront! Consider the following:
• Are there going to be any fees for early termination of
the contract?
• Is the termination “for cause”?
• What are the specific costs of the deconversion from
your current vendor?
• What will the new vendor charge for the conversion?
• Are there any additional fees, transition costs, or
continuing base service fees?
• Can you expect the return of any prepaid fees for
services not delivered?
© 2024 Venminder, Inc. 33
POLL QUESTION

a. The sudden loss of a third party

b. The intended gradual unwind

of a third party
What type of exit strategy and
preparation do you have in c. Both exit types
place for your third-party d. We don’t have exit strategies in
vendors? place

e. Other

f. Not sure

© 2024 Venminder, Inc. 34

Sample Contract Clauses/Provisions

AUDIT ASSIGNMENT INDEMNIFICATION

“Vendor shall keep full “Neither party shall have “Client agrees to indemnify, defend, and hold harmless
and detailed accounts for the right to assign or Vendor, its employees, or agents from and against any
a period of not less than subcontract any of its loss, liability, damage, penalty, or expense (including
two (2) years and shall obligations or duties attorneys' fees, expert witness fees and cost of defense)
permit (company) to audit under this agreement they may suffer or incur as a result of (i) any failure by
up to two (2) years of without the prior written Client or any employee, agent or affiliate of Client to
reports, logs, and records consent of the other party, comply with the terms of this Agreement; (ii) any warranty
of all data at any time which consent shall not be or representation made by Client being false or
with respect to vendor’s unreasonably withheld or misleading; (iii) negligence of Client or its subcontractors,
charges, policies, delayed.” agents, or employees; or (iv) any representation or
procedures, and warranty made by Client or any employee or agent of
transactions with Client to any third person other than as specifically
(company).” authorized by this Agreement.”

© 2024 Venminder, Inc. 35

Sample Contract Clauses/Provisions
CONTINUED
GENERAL CLAUSE COVERING
SUBCONTRACTORS
“Vendor represents and warrants that to
the extent subcontractors or agents are
used to perform the obligations under this
Agreement, Vendor shall be liable for the
performance and all actions and inactions
by such subcontractors or agents to the
same extent that Vendor would be
responsible under the terms of this
Agreement for such performance as if it
had been Vendor’s own performance,
including, but not limited to intellectual
property rights, infringement, and breaches
of confidentiality.”
GENERAL COMPLIANCE
“Each party shall perform all of its obligations under this
Agreement in compliance at all times with all foreign, federal,
state and local statutes, orders, and regulations including
those relating to privacy and data protection.
Vendor is solely responsible for and agrees to perform its
obligations in a manner that complies with all applicable
national, federal, state and local laws, statutes, ordinances,
regulations, codes, and other types of government authority
(including those governing export control, unfair competition,
anti-discrimination, false advertising, privacy and data
protection, and publicity, and those identifying and requiring
permits, licenses, approvals, and other consents).”
© 2024 Venminder, Inc. 36
Sample Contract Clauses/Provisions CONTINUED
DISCLAIMER OF MUTUAL WARRANTY
WARRANTIES WARRANTIES

“Each party represents and “Company warrants that all

“The system is provided "as is"
warrants to the other that: (i) it Services it performs will be
without any warranty whatsoever.
has power, capacity, and performed consistent with
Vendor disclaims all warranties,
authority to enter into and industry practices and shall
express, implied, or statutory, to
perform its obligations under meet or exceed all
client as to any matter whatsoever,
the agreement and to make the requirements set out in the
including all implied warranties of
grant of rights contained applicable Statement of Work.
merchantability, fitness for a
herein, (ii) its performance of its Client shall report any
particular purpose, title and non-
obligations under the deficiencies in the Services
infringement of third-party rights.
agreement does not violate or (which are known to it) to
No oral or written information or
conflict with any other Company in writing within X
advice given by the vendor, or its
agreement to which it is a days of completion of the
employees or representatives, shall
party.” Services as a condition of
create a warranty or in any way
eligibility for warranty
increase the scope of vendor's
remedies.”
obligations.”
© 2024 Venminder, Inc. 37
Sample Contract Clauses/Provisions CONTINUED
TRANSITION SERVICES/TRANSITION PLAN
“Upon expiration or termination of this Agreement, Vendor will at
Vendor’s expense: (i) cooperate with and assist Client in the orderly
transition of the Services in a manner that causes no material
disruption to Client’s business or operations, (ii) continue
uninterrupted provision of the Services to Client and assist Client to
transition the Services either internally or to another third party
supplier, and (iii) assist Client to develop and implement a transition
plan to Client that is consistent with this Section and satisfactory to
Client (“Transition Plan”). Vendor will deliver the preliminary
Transition Plan to Client within X days of Client’s notice of
termination. Vendor will continue to provide the Service until the
later of: (i) expiration of the then current Term, and (ii) such time
that all Client Data has been transferred to Client or other third-
party supplier is complete. Vendor will provide the transition services
described in the Transition Plan for a period of up to X months from
the date of the notice of termination or expiration.”
© 2024 Venminder, Inc. 38
Sample Contract Clauses/Provisions CONTINUED
TERMINATION FOR CAUSE
“Either party may terminate this Agreement for (i) a material
breach by the other party which is not cured within the shorter
of X days after the receipt by the breaching party of written
notice and reasonable description of the breach as well as the
requested cure (the “Breach Notice”), or when both parties
agree that cure within such X day period following receipt of the
Breach Notice is impossible, or (ii) one party’s declaration of
insolvency or bankruptcy, or if such party is subject to any
proceedings relating to its liquidation, insolvency or undergoes
the appointment of a receiver or similar officer for it, makes an
assignment for the benefit of all or substantially all of its
creditors, or admits in writing its inability to pay its debts when
due. Upon termination of this Agreement, all licenses granted to
Customer hereunder shall terminate automatically and
Customer shall immediately cease use of the Software and
Documentation.”

© 2024 Venminder, Inc. 39

Sample Contract Clauses/Provisions CONTINUED
INSURANCE
“Service Provider shall maintain
insurance policies in the
minimum amounts stated
below. During the term of this
Agreement, Service Provider
shall not permit such insurance
to be reduced, expired, or
canceled without reasonable
prior written notice to Customer.
Upon request, Service Provider
shall provide a Certificate of
Insurance to Customer.”
LICENSE TO USE TRADEMARKS
“Subject to the limitations in this Agreement, Vendor grants Client a
revocable, nonexclusive right and license to use Vendor’s trademarks
(the "Trademarks") during the term of this Agreement solely in
conjunction with the use of the System and in accordance with
Vendor’s trademark usage guidelines. Vendor grants no rights in the
Trademarks or in any other trademark, trade name, service mark,
business name, or goodwill of Vendor except as licensed hereunder or
by separate written agreement of the parties. Client agrees that it will
not at any time during or after this Agreement assert or claim any
interest in or do anything that may adversely affect the validity of any
Trademark or any other trademark, trade name or product
designation belonging to or licensed to Vendor (including, without
limitation registering or attempting to register any Trademark or any
such other trademark, trade name or product designation). Upon
expiration or termination of this Agreement, Client will immediately
cease all display, advertising, and use of all of the Trademarks.”
© 2024 Venminder, Inc. 40
Sample Contract Clauses/Provisions CONTINUED

DISPUTE RESOLUTION (WITH ARBITRATOR)

“Disputes arising under this Agreement will be resolved by the parties through good
faith negotiations in the ordinary course of business. Any dispute not so resolved will
be submitted for binding arbitration, at the written request of either party, before a
single arbitrator under the JAMS Streamlined Arbitration Rules and Procedures in the
District of Columbia or at another location as mutually agreed. Selection of the
arbitrator will be by mutual agreement of the parties or, failing agreement within
twenty (20) days, by JAMS pursuant to its then-current rules. The amount and
responsibility for payment of arbitration costs will be one of the issues decided by the
arbitrator, whose decision will be in accordance with the terms and conditions of this
Agreement. During any such arbitration, the parties will continue diligent
performance of this Agreement. The arbitrator will render a written decision stating
reasons therefore in reasonable detail within X days. Arbitration is the exclusive
remedy for disputes arising under this Agreement; the Parties hereby waive their
rights to bring a lawsuit to resolve a dispute arising under this Agreement.”

© 2024 Venminder, Inc. 41

Tracking Clauses

• Be sure to track any standard clauses that were negotiated out

of the contract.

• This can help save time for vendor owners and legal teams if
issues arise.

• It contributes to a more holistic view of the vendor risk profile.

© 2024 Venminder, Inc. 42

4 Tips to Create a Clause Library

REFER TO REGULATIONS CONSIDER REPUTABLE

1 2
Search for important provisions based ORGANIZATIONS
on your regulatory requirements or You can look at The American Bar
guidance for easy searchability, such as: Association for sample contract from
• FDIC – Guidance for Managing software as a service (SaaS) agreements.
Third-Party Risk
• HIPAA/HHS – Business SAVE APPROVED SAMPLE CLAUSES
3 For all approved clauses from your redlining
Associate Contracts: Sample
Business Associate Agreement process, be sure to save for future use.
Provisions
• OCC – Third-Party
STAY INFORMED OF REGULATORY
Relationships: Risk 4 CHANGES
Management Guidance
As regulations change, be sure to add new
• FFIEC – Information Technology
and/or important clauses to your library.
Examination Handbook

© 2024 Venminder, Inc. 43

Key Takeaways
• Document the process for vendor contract
management within your vendor
management program.
• Plan the negotiation and strategy prior to
vendor engagement, identifying all areas of
the organization that should be involved in
the contract management process.
• Manage the risks that have been identified
during the contract management process.
• Understand that contract management
doesn’t end with contract signing and that
you must manage the ongoing vendor
relationship.
• Understand the termination provisions of the contract
to avoid unwanted renewals.
• Consider writing fourth-party requirements into your
third-party contract.
• Actively manage the delivery of the product or
service.
• Monitor the vendor’s performance to the SLAs and to
the other contract terms to ensure they’re providing
what you expect and/or requested.
• Make sure procedures for dispute resolution are
clearly defined and that you have put exit strategies
in place, should it come to that.
• Create an acceptable and approved library of contract
clauses.
© 2024 Venminder, Inc. 44
THANK YOU

© 2024 Venminder, Inc. 45

 ALSO JOIN US AT

Our Upcoming
Webinars:

MAY 21, 2024

Strategies to Mature Your Vendor Risk
Management Program

JUNE 4, 2024
Vendor Complementary User Entity Controls Click here to view our
(CUECs): What They Are and How to Use Them to Webinars Page.
Protect Your Organization

46
© 2024 Venminder, Inc. 46
Questions &
Answers

POST A QUESTION:
www.thirdpartythinktank.com

EMAIL US:
[email protected]

FOLLOW US:
@venminder

© 2024 Venminder, Inc. 47