Vendor Off-Boarding Checklist
— Best Practices for Reducing Vendor Risk ( Part-2)
Offboarding a vendor is a critical step within the third-party risk management lifecycle. It’s important to remember that the details of the process need to be established even before entering into a contract. This checklist help to identify the important steps and actions that are generally needed when offboarding a vendor.
PRE-CONTRACT CHECKLIST
Prior engaging a vendor and signing the contract, the following to be done
| S. NO | Questionnaire | Yes/No |
| 1 | Will our organization face any difficulties if we decide to terminate the contract? | |
| 2 | Can we include specific contractual laws to help minimize the impact of ending the vendor relationship | |
| 3 | Are there any costs in On boarding and Off boarding costs? | |
| 4 | If the vendor is critical or high risk, do we have an exit strategy in place? | |
| 5 | Does the contract include details about how the vendor submits the confidential data after termination? |
OFF BOARDING CHECK LIST
When deciding to terminate the vendor contract, consider the following Check list
| S.NO | Questionnaire | Yes/No |
| 1 | Is the vendor considered critical to our operations? | |
| 2 | Is termination the ultimate action? | |
| 3 | What are the requirements to terminate the contract? | |
| 4 | What is the reason for termination? | |
| 5 | Do we need to notify or seek approval from the board to terminate the vendor? | |
| 6 | Does the vendor have any access credentials that need to be terminated (for systems, data or suppliers facilities)? | |
| 7 | Which termination activities are our responsibility and which ones are the vendor’s responsibility? | |
| 8 | Do we have any record retention requirements for the vendor? | |
| 9 | Is there any notice period prior termination? | |
| 10 | Do we need to perform any risk assessments before, during or after offboarding the vendor? |
Continuous Monitor of Off-Boarded Vendors
The offboarding process will differ based on the vendor and the organization. Even though the contract has been terminated and all tasks have been successfully completed, risks to your systems and data, as well as compliance or reputational risks, can still emerge long after the relationship ends.
Continuously monitoring multiple risk vectors will ensure that your team has extended visibility into potential future risks. Overall, making sure to keep the lines of communication open with the vendor and appropriate stakeholders keeps the transition effectual for both parties.
NOTE: This checklist is not comprehensive. It provides a list of common sources of information and criteria to help the supplier make more informed offboarding decisions, and it can be customized for the organization’s unique needs.
