Vendor Management Policy - Download Free Template
Vendor Management Policy

Edit Template






[COMPANY NAME] is committed to ensuring coordinate and consistent management of critical vendors as part of its overall management, maintain member privacy and confidentiality of member information. [COMPANY NAME] is ensures full compliance with the requirements applicable law and regulations regarding risk management, vendor, and contract management of third-party service providers.





The purpose of the Vendor Management Policy is to provide written guidelines surrounding the procurement of third-party services and products in accordance with [COMPANY NAME] (the Company) mission, obligations, and ongoing administration of Company functions.





This policy applies to all vendors and service providers. [COMPANY NAME] must enforce this policy and vendors and suppliers are required to follow.






A “Vendor, also referred to as a “seller, is an enterprise that contributes goods or services to other business partners.





Business Owners will evaluate all vendor products and services, negotiate the prices, and negotiate the contract terms before contracting with the vendor. The type of evaluation will vary and should be commensurate with risk, complexity and product or service cost. A formal due diligence analysis will be conducted for any relationship where the combined implementation and annual contract costs exceed [TOTAL COST].



A Business Owner has the discretion to alter this amount or waive this requirement up to his/her authorized signing limits. Any alteration of the amount or waiver of this requirement must be documented in the due diligence file of the 3rd party vendor.



Verbal product and service agreements are prohibited. All vendors must provide, depending upon the services and products engaged, a purchase invoice, legal contract and/or service agreement.



The Bu


Owner will appoint, as needed, appropriate staff members to perform a due diligence review prior to entering any arrangement with a third-party vendor and due diligence reviews for existing third-party vendors.



The Business Owner will review the contract(s) along with the supporting due diligence in order to determine if any outstanding issues exist.



If then willing to contract with a vendor, the Business Owner will execute the contract and proceed with implementation of service or product as defined in Section I above (New Product or Service Provider)




Business Owners will have the responsibility for the management of the vendor relationship.



The Business Owner, either directly or through the assistance of staff will conduct oversight reviews for third party services in accordance the appropriate laws, regulations, and policies/procedures.



The Business Owner will record the results of the oversight review for the third-party services and will determine the appropriate action. This will include reporting the results to management or the board, if necessary, who will then determine the appropriate action.



Appropriate action is defined as one of the following actions:


Approval to continue service with vendor;

Approval to continue service with the vendor, but on conditions of additional information and/or more frequent review;

Begin a process to review other vendors; or

Terminate the service/product for the credit union





Vendor reviews may require external legal review. The Business Owner

or the Senior Executives can request external legal counsel. Legal review may be

required when one or more

of the following conditions exist:


The contract exceeds


in cumulative fees or annual recurring cost;

The relationship and/or the contract is unusually complex in terms of operational matters, legal terms and provisions, fee structures, third party involvement and/or the potential for excessive liability

to the company


The vendor is critical to operations and its reputation is not known or it has limited market presence;

Vendor is unwilling to amend or include critical contract changes requested by the






The Business Owner

assigns a vendor risk rating at the time of engagement and is reviewed periodically through the term of the contract. The Business Owner

should base criticality on the following elements:


Impact to operations if the service or product was suddenly not available and/or excessive liability to the credit union.


Degree of difficulty involved in finding and implementing a service or product replacement.

Financial Commitment:

Higher financial commitment equates to higher risk of financial loss if relationship were to fail.


Vendors with substandard or unproven performance require a higher degree of monitoring by the Business Owner.

Regulatory Impact:

Vendor’s ability to impact the credit union’s level of regulatory compliance.

Business Impact:

Vendor’s ability to impact business reputation or strategy.





Business Owners will schedule their vendor review dates. Review dates are

flexible and may be set to coincide with the vendor’s fiscal or calendar financial reporting dates, annual contract renewals, service issues or receipt of internal control reports.

Business Owners will record annual

vendor reviews. Material adverse issues should be clearly documented and brought to the attention of management.

Review standards include performance, internal controls and financial.






I acknowledge that I have received a copy of the [COMPANY NAME] Vendor Management Policy. I have read and understand the policy. I understand that, if I violate the policy, I may be subject to disciplinary action, including termination. I further understand that I will contact my supervisor if I have any questions about any aspect of the policy.









Authorized Signature Authorized Signature


Print Name and Title Print Name and Title