High Priority

Vendor Management Policy

Establishes requirements for assessing, selecting, and monitoring third-party vendors and service providers.

Category: Third-Party & Vendor | Length: 8-12 pages | Updated: 2025-01-10 | Review cycle: Annual
Included with All Packages

Get this document plus 100+ more with any security package.

View Security Packages

Starting at $1,997

About This Document

Defines the vendor risk management lifecycle including due diligence, security assessment, contracting requirements, and ongoing monitoring. Covers vendor tiering based on data access and criticality.

What's Included

  • Vendor risk tiering criteria
  • Due diligence requirements
  • Security assessment procedures
  • Contract requirements
  • Ongoing monitoring requirements

Framework Compliance Mappings

This document helps satisfy the following compliance requirements:

  • SOC 2 (SOC 2 Type II): CC9.2
  • ISO 27001 (ISO/IEC 27001:2022): A.5.19, A.5.20, A.5.21, A.5.22
  • HIPAA (Health Insurance Portability and Accountability Act): 164.308(b)(1), 164.314
  • PCI DSS (Payment Card Industry Data Security Standard 4.0.1): 12.8
  • NIST (NIST Cybersecurity Framework 2.0): ID.SC-1, ID.SC-2, ID.SC-4
  • GDPR (General Data Protection Regulation): Art. 28

Who Needs This Document?

  • All organizations using vendors

Document Specifications

  • Format: docx, gdoc
  • Length: 8-12 pages
  • Version: v2.0
  • Last Updated: 2025-01-10
  • Review Cycle: Annual

Need Help?

Not sure if this document is right for your organization? We can help.

Get in Touch

Get Vendor Management Policy + 100 More Documents

Full document library included with any security package. Professional templates, framework-mapped, ready to customize.
