Loading...
Templates Inspections SEO page

Run: Vendor Due Diligence and Third-Party Risk Review

Use this vendor due diligence and third-party risk review template to document a critical supplier’s security, financial, continuity, and contract controls i...

Fill this out, get a PDF emailed to you. No account required. Want to run it with your team and track results? Sign up free →

Inspection Details and Scope

Record the legal entity name, service description, and business unit using the service.
Capture whether this is onboarding, annual review, renewal, or event-driven reassessment.
Confirm the assigned risk tier for this vendor.
Confirm the due diligence file includes current questionnaires, certifications, SOC reports, financial statements, and contract documents as applicable.

Security and Access Controls

Verify the vendor maintains documented access control standards aligned to least privilege and role-based access.
Confirm MFA is required for privileged accounts and remote administrative access.
Verify encryption controls are in place for sensitive or regulated data handled by the vendor.
Document the vendor's vulnerability scanning frequency, patch timelines, and remediation escalation process.
Record the required notification window for security incidents.
Confirm the most recent independent security assessment or attestation is current.

Financial Condition and Business Continuity

Confirm the most recent audited or reviewed financial statements were obtained and analyzed.
Indicate whether any material liquidity, solvency, or going-concern concerns were identified during review.
Verify the vendor has a documented and tested BCP/DR plan appropriate to the service criticality.
Record the date of the most recent business continuity or disaster recovery exercise.

Contract Provisions and Legal Safeguards

Verify the agreement includes confidentiality, data handling, and privacy obligations appropriate to the data processed.
Confirm the contract grants the organization the right to audit, assess, or obtain independent assurance reports.
Verify the vendor must flow down applicable security, confidentiality, and compliance obligations to subcontractors.
Summarize termination rights, data return/deletion obligations, and transition assistance terms.
Confirm the vendor's insurance coverage is current and meets contractual minimums.

Compliance, Monitoring, and Findings

Identify the obligations applicable to this vendor relationship.
Confirm prior deficiencies or non-conformances have documented owners, due dates, and closure evidence.
Document the final disposition of the review.
Signature of the reviewer completing the due diligence assessment.

Get your results

Enter your email — we'll send you a PDF of your filled-out template, plus the occasional MangoScoop newsletter (templates, workflow tips, product updates). Unsubscribe anytime — link is in every email.

Generated with MangoApps Templates — browse 250+ free
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate