In speaking with customers and prospects, we realize that one of the biggest pain points around third party risk management (TPRM) is communication with vendors. It’s hard to set expectations and discuss findings via email, as ginormous threads are generated by a constant back & forth, lost attachments, and simply too much time. So how to improve communication with vendors?
First, let’s start by defining it. The topics you might want to discuss or communicate about with a vendor cover the entire risk assessment and mitigation process, including the intake, the requirements, and the findings on those requirements. For example:
- Insurances, certifications, and audits you want them to provide
- Questionnaires you want them to fill out
- Questions about submitted documentation
- Questions about what services, tools, or procedures the vendor is going to provide
So why is it important to have fluent communication? Because it’s the only way to express your expectations and be clear about what you’re looking for.
Communicating over email threads with spreadsheets attached is too time consuming and often impractical, as information gets lost in the way. Not to mention it’s hard to search and report on specific documents.
The solution, of course, is technology. Our ThirdPartyTrust platform facilitates interaction and collaboration with vendors, thus solving one of the biggest challenges of CISOs and risk managers across several industries.
If an issue arises regarding a security assessment, you can have a direct conversation with your vendor without leaving the platform. This ultimately cuts down the back and forth and lowers the amount of emails and calls.
Read more: How to run an enterprise class third-party risk management program
Vendor Communication Best Practices
Without a dedicated TPRM tool, it’s difficult to achieve what you’re expecting from a vendor via email. A few points to consider:
- Back & forth via email takes an average 3 months, whereas a platform can shorten it to 2-5 weeks.
- Email threads make it difficult to retrieve specific information, whereas a fit-for-purpose solution can offer a dashboard, a chat, and an audit trail with a clear picture of what everyone did and when, as well as the ability to report.
- If you’re asking too much of a vendor or if the process turns out to be too exhausting for any of the parts, you might end up losing contracts. However, a dedicated tool will streamline the process.
A final tip: be reasonable with requirements and time frames to further improve communication. You can’t expect the same from a small shop than from a big enterprise, and it’s not the same to ask for a 10-question custom questionnaire than for a SIG Full questionnaire.
To learn more about how ThirdPartyTrust can help you streamline vendor communication, request your free trial now:
