VNDR-10 Vendor Off-boarding

Estimated reading: 2 minutes 1586 views

What is VNDR-10 Vendor Off-boarding Control?

The vendor off-boarding process ensures that contractual obligations are fulfilled and any sensitive data is destroyed. You need to ensure that the vendor can no longer access the system and that they have destroyed any data in their possession. Ensure that all the bills have been paid, and issue a stop payment to financial institutions if needed.

Available tools in the marketplace

No tool recommendation is made for this section.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

Control implementation

To implement this control,

  1. Document an off-boarding checklist that includes the following components:
    1. ensure that the vendor can no longer access the system.
    2. ensure the vendor has destroyed any data in their possession.
    3. ensure that all the bills have been paid and issue a stop payment to financial institutions if needed.
  2. Monitor the vendor’s lifecycle, and for any terminated vendors, ensure that the off-boarding checklist is used to properly end the relationship.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Provide the most recently completed off-boarding checklist along with supporting evidence (access removal, invoice, etc.)

Evidence example

For the suggested action, an example is provided below:

  1. Provide the most recently completed off-boarding checklist along with supporting evidence (access removal, invoice, etc.)
    The off-boarding checklist can be completed using the template available within TrustCloud, along with additional evidence such as:

    1. Access removal ticket for the vendor
    2. Final Invoice Paid Receipts

The following screenshot shows the disabling of vendors in TrustCloud.
VNDR 10 Vendor Off boarding

Join the conversation

