Skip to main content
Glossary

Vendor Due Diligence

The assessment process conducted before engaging a third-party vendor, evaluating their security posture, financial stability, compliance status, and operational reliability. Due diligence happens before the contract. Ongoing monitoring happens after.

Why it matters

Onboarding a vendor without due diligence is accepting unknown risk. You are granting access to your data, systems, or processes based on trust rather than evidence. Due diligence surfaces red flags early: missing certifications, weak security practices, jurisdictional risks, or financial instability. Discovering these issues after signing a contract is exponentially more expensive than discovering them before.

In practice

Vendor due diligence involves sending security questionnaires, reviewing certifications (ISO 27001, SOC 2), checking sub-processor arrangements, evaluating data processing agreements, and assessing business continuity capabilities. The depth of assessment should match the risk: a critical data processor gets more scrutiny than a stationery supplier. In vucavoid, third-party records support structured assessment workflows with risk and reliability scoring, ensuring every vendor is evaluated proportionally to the risk they introduce.

Related terms

Data Processing Agreement (DPA)

A binding contract governing how personal data is handled when shared with a third-party processor.

Third-Party Risk Management

Identifying, assessing, and controlling risks introduced by external vendors and service providers.

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.