VENDOR RISK MANAGEMENT AUDIT FRAMEWORK TEMPLATE

VENDOR INFORMATION REQUIRED DOCUMENTATION

NOTES
No. VENDOR NAME LAST AUDIT DATENEXT AUDIT DATE VENDOR TYPE VENDOR PURPOSE RISK RATING PROCESS AND PROCEDURES REPORT DOCUMENTATION

1 MEETS EXPECTATION

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27
28

29

30

31

32

33

34

35

36

37

38

39

40
VENDOR DOCUMENTATION TEMPLATE
Ref. No. DOCUMENTATION DESCRIPTION ASSIGNED TO DOCUMENT LOCATION DATE LAST UPDATED NEXT REVIEW DATE STATUS

1 Risk Assessment

1.1 Risk Rating

1.3 Vendor Categorization

1.4 Vendor Questionnaire

2 Risk Management Policies

2.1 HR Security

2.2 Environmental Security

2.3 System Security

2.4 Data Security

2.5 Access Control Requirements

2.6 Vendor Management Program

2.7 Disaster Recovery

2.8 Compliance Requirements

3 Process and Procedures

3.1 Vendor Management Review

3.2 Vendor Due Diligence

3.4 Metrics and Reports for Vendor Review

4 Report Documentation

4.1 Audit Reports

4.2 Financial Reports

4.3 Controls

4.5 Control Change Management

5 Other

5.1 Document 1

5.2 Document 2

5.3 Document 3