1) We establish a governance process.
In other words, we evaluate the suppliers from a business continuity perspective.
2) We assess the threats and risks facing the vendor.
We get a handle on the specific dangers and vulnerabilities to which that company is exposed. If you depend on them to provide business critical products or services, their problems are our problems. We risk assess to make sure you have peace of mind in your ordering process.
3) We go visit these vendors.
The best way to evaluate most of the threats and risks is to go to the vendor’s facility and look around. There is no better way to find out whether their level of security is as good as they claim or if that backup generator they told you about on the phone is really capable of supporting their whole operation. On-site visits are revealing in so many ways and this is why we follow this process to create trust.
4) Get it in writing.
A vendor agreement is put in place with each vetted vendor. These will have terms and conditions of being a vetted vendor to make sure all parties from buyers to the vendor themselves are protected and to make sure there is a level of service that makes sense.