SOC Reports & Vendor Management: Easy as 1, 2, 3


If you’re a financial institution, you’re hopefully already aware that you’re required to collect SOC reports from your vendors. If you’re not a financial institution, you might want to consider collecting them anyway. Why? Because SOC reports, particularly SOC 2 reports, are the perfect vendor management tool. And the best part is that the work is already done for you, all you have to do is request them from your vendor.
Not only is this report extremely useful when examining the controls of a vendor, but it also gives you insight into your vendor’s vendors. That’s right, we’re talking 4th-party risk assessment potential. It truly is the perfect vendor management tool. But how can it be used in practice? Let’s run through the six stages of the vendor management framework to find out.
Stages 1 & 2: Sourcing & Procurement:
Stages 3 & 4: Contracting & Onboarding:
Stages 5 & 6: Purchase to Pay & Oversight / Optimization:

Author: Tom Rogers
Job Title: CEO
Organization: Vendor Centric
Do you like what you are reading?