VNDR-5 Vendor Agreement

Estimated reading: 3 minutes 1662 views

What is VNDR-5 Vendor Agreement Control?

A vendor agreement establishes the business relationship conditions and includes details on each party’s obligations under the contract.

Nowadays, online agreements or terms of use are provided as agreements unless specifically requested.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Vendor Management Tools
Rockey lawyer 

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

  • N/A: No template recommendation is made for this control

Control implementation

NOTE: This control is 100% automated by TrustCloud. Upload your MSA or terms of use template in the vendor section for each vendor to enjoy the benefits of automation.

For a manual implementation:

Work with Legal to draft a vendor contract agreement. It is important to ensure that the agreement includes the following:

  1. scope: that describes the products or services included in the contract and how those products or services will be delivered.
  2. Security Responsibilities: This is critical for the compliance requirements; your responsibilities and your vendor’s responsibilities in terms of security, confidentiality, and availability must be documented.
  3. Timing: establish when the vendor will be paid, when the goods or services will be delivered, and when the business relationship will end.
  4. Price and Payment: Establish the price paid in return for the vendor’s performance.
  5. Termination: any steps either party can take if they are to complete the contract early.
  6. Consequences: details of the consequences if either party does not fulfill their duties and obligations under the contract

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Provide the most recent signed vendor contract.

Evidence example

For the suggested action, an example is provided below:

  1. Provide the most recent signed vendor contract.
    This can be a link to the User Agreement within the vendor section of TrustCloud’s Trust Ops that is acknowledged during the vendor onboarding process; for example, this AWS agreement is available online.
    This can be a signed contract by both parties within the vendor section of TrustCloud’s Trust Ops. A full copy of the contract, including the signed page.
    The following screenshot shows the vendor agreement with the signed page. [Google search results for vendor agreement]
    VNDR 5 Vendor Agreement

Join the conversation

