Skip to content
Mask group (7)
Mask group (6)
Risk Assessment

6 Tips to Help You Vet Your Third-party Vendors

Written by: Michael Herrera

Get notified when we post

Prepare For the Worst with the Best in the Business

Experience capable, consistent, and easy-to-use business continuity management software.

The global supply chain is in better shape than it was during the pandemic, but challenges remain and future disruptions are inevitable. In today’s post, we’ll share six tips to help you do a better job of vetting your third-party vendors.

Only as Strong as Its Weakest Link

Do you remember the scene three years ago when container ships were backed up outside the port of Los Angeles as far as the eye could see? The situation of the global supply chain has greatly improved, but there are still plenty of threats to the movement of goods around the world. These include the war in Ukraine, tension with China, the attacks by the Houthis on Red Sea shipping, extreme weather, cyberattacks, and power outages, to name a few.

What’s more, individual companies in the chain—going all the way back to your suppliers and their suppliers—are all subject to the usual array of local disruptions.

Your company can have the best business continuity program in the world, but if your critical vendors are vulnerable, you are vulnerable. A chain is only as strong as its weakest link, and an enterprise is only as robust as its least disaster-proof critical supplier.

In a recent article recounting the story of the 2021 container ship pileup (“The Floating Traffic Jam That Freaked Us All Out”), the New York Times says, “The Great Supply Chain Disruption is not some curious piece of recent history. It is a preview of the dysfunction that surely lies ahead if we fail to get the machine in order.”

And a White House issue brief on supply chain resilience from late last year notes that, “While shocks are inevitable—and weather-related shocks are likely to become more common over the next decade due to climate change—diversified supply chains are able to withstand shocks and recover when they occur.”

Vetting Third-Party Vendors

In the spirit of helping you improve the resilience of your company’s supply chain, here are my six tips to help you vet your third-party vendors from a business continuity perspective:

1) Establish a governance process. Do what you can to get your organization to require you to evaluate your suppliers from a business continuity perspective. Everything starts with senior management. If there’s not an oversight group responsible for vetting the supply chain, it will be hard to get your procurement people to go to the vendors and say you have to evaluate them on a business continuity basis.

2) Identify your critical vendors. You might have 50 vendors or 500. You have to start somewhere. To invest your limited resources where it will do the most good, rank your vendors by importance. Identify the five or six that are most vital to your enterprise. In evaluating the relative importance of each supplier, ask questions such as the following: How important is the vendor’s product to the processes of your company? Does the vendor supply a commodity which you can easily find elsewhere or a specialized product with few or no other potential suppliers? One of the best tools for helping you work through these questions is a Business Impact Analysis. (Another good tool is Compliance Confidence, part of the business continuity software suite created by MHA’s sister company, BCMMETRICSTM.)

3) Assess the threats and risks facing the vendor. Are they in hurricane country? Tornado Alley? Across the ocean? Is their facility located across the street from a chemical plant? How is their plant security? Their cyber security? Do they have a stable workforce or high turnover? What is their financial situation? Get a handle on the specific dangers and vulnerabilities to which that company is exposed. If you depend on them to provide business critical products or services, their problems are your problems.

4)  Pay them a visit. The best way to evaluate most of the threats and risks mentioned above is to go to the vendor’s facility and look around. It’s expensive, but for your critical vendors it’s well worth it. There is no better way to find out whether their level of security is as good as they claim or if that backup generator they told you about on the phone is really capable of supporting their whole operation. On-site visits are revealing in so many ways. You can tell a lot just by how happy they are to see you. If they are welcoming, prepared, and open, then great. Those are reasons for confidence. If they seem nervous over your being there, maybe you should be nervous about depending on them for a key part of your business.

5) Get it in writing. The ideal situation is for the vendor to agree to your business continuity requirements and for the terms to be included in your supply agreement with the vendor. A good agreement will say that the vendor must have a plan, that you have a right to inspect the plan, and that you have a right to on-site visits. The agreement should also set forth the consequences to the vendor for any disruption of theirs that impacts you. If a problem at their plant forces the shutdown of your production line, they should cover your losses. What if the vendor is reluctant to make such an agreement? Try pointing out to them how having a strong business continuity program doesn’t protect only your company, it also strengthens theirs. Even so, some vendors might not be willing to come to terms with you, because you are too small of a customer or for some other reason. This is why we have Tip No. 6.

6) Be proactive. There are two ways to be proactive about vendors. First, keep in touch with them when they are dealing with problems such as storms or fires. If you see on the news that a storm is headed their way, reach out to them and see if they foresee any impacts.Remind them (diplomatically) that you are depending on them. Ask what they are going to do to prevent or fix the disruption.The second kind of proactivity is more strategic. It involves finding alternate suppliers you can turn to if your original supplier falters. It also includes finding vendors who take business continuity as seriously as you do and are willing to enter into agreements with you to ensure that everyone’s needs are protected. If a vendor gives you the brushoff when you ask about their BC plan or try to set up an on-site visit, start looking for a vendor who can provide the same product but is also willing to partner with you to safeguard your supply chain.

Bolstering Supply Chain Resilience

The persistent vulnerability of the global supply chain underscores the need for rigorous vetting of third-party vendors. By establishing a governance process, identifying critical vendors, assessing risks, conducting site visits, formalizing agreements, and being proactive, companies can bolster their supply chain resilience.

Your company’s fortunes depend on its ability to obtain needed goods and services in a timely manner. By following the tips above, you can improve the chances your company will have the supplies it needs to continue its operations, regardless of the disruptions might occur down the street or around the world.


Mask group (5)

Business Continuity Software for Companies that Mean Business

We understand your need to protect your organization in the face of rising threats while juggling with limited resources, inadequate manual tools, or even overly complicated BC software.

Other resources you might enjoy

Reduce Business Continuity Failures by Avoiding These Two Common Mistakes

Most of the time when organizations suffer significant...

Ensuring Compliance Using Compliance Confidence

Coming into compliance with business continuity regulations...

Ready to start focusing on higher-level challenges?