Tools for Jira
Tools for monday.com
Have you ever wondered how many vendors your competitors have? According to research by Spendesk (2024), European small and medium-sized businesses have an average of 800 suppliers. Over 42% of them offer business services, ranging from consulting to SaaS. As for large companies, they can have thousands of vendors.
While these suppliers help you run your business smoothly, these benefits also come with potential risks. If you don’t have a clear vendor due diligence procedure, this may undermine your data security, result in financial losses, or affect your reputation.
In this article, we share a practical vendor due diligence checklist to help you establish a reliable process. By working with this checklist, your team can easily conduct due diligence step by step, following a predefined plan. This enables you to implement a consistent, standardized process and ensure that nothing is overlooked.
What is a Vendor Due Diligence Checklist and How Can it Help You?
To better understand what this checklist is, let’s start with the definition of due diligence.
Vendor due diligence is the process of conducting various checks on a potential supplier or partner. The purpose of these checks is to identify potential risks a company may face when starting a collaboration with a new vendor. This procedure enables you to protect sensitive data, ensure compliance with industry regulations, and prevent delays in receiving suppliers’ products or services.
Definition
A vendor due diligence checklist is a template featuring a predefined sequence of steps to be completed during supplier verification. It allows you to achieve greater efficiency and save time during the vendor selection and onboarding.
This checklist is especially useful to ops and procurement teams. It helps them streamline their routine tasks and eliminate repetitive actions. Every time they need to launch the due diligence process, they can start with a ready plan that already includes every necessary detail.
In addition, a vendor due diligence checklist allows you to make the verification process more thorough and better-organized. With every step documented in the plan, you can ensure nothing falls through the cracks. As a result, this helps you to better protect your organization from potential risks.
To sum up, here are the main benefits of using a vendor due diligence checklist:
- Greater efficiency and time savings
- Establishing a consistent, well-documented process
- Standardizing vendor reviews across teams
- Providing a basis for informed decisions
- Better scalability
- Improved cross-department coordination
With every detail accounted for in the checklist, organizing vendor due diligence becomes more efficient.
What Are the Main Stages of the Vendor Due Diligence Process?
The exact steps may vary depending on your industry, goals, and the risk level associated with a specific vendor. For example, when choosing a strategic partner, you will need to perform more rigorous checks than when selecting a stationary supplier.
The standard process includes the following stages:
Team allocation
Before you start, it’s important to define the scope and select the team members who will participate in the process. Depending on the vendor type, you will need to decide which departments should be involved.
Sometimes this can be handled by the procurement and legal teams, while in other cases it may be necessary to include the finance and IT departments as well. For more clarity, it’s useful to select a responsible person from each department and assign the owner of the due diligence process as a whole.
Preliminary checks
The first stage involves collecting initial company information, such as service descriptions, legal details, and data from public registries or other open sources. The goal of these checks is to establish whether the vendor meets the basic criteria. For example, whether they operate in the region you need, provide the required services, have enough experience, and so on.
Pricing and payment parameters
At this stage, you review a vendor’s offer and compare it with those of other vendors. This is when you analyze their pricing model, check how it correlates with the quality level, and assess whether it aligns with your budget.
Another important aspect to review is payment terms: whether the vendor requires a mandatory prepayment, whether they accept the payment methods you use, and what discounts they offer for large orders. Depending on the type of vendor, you can also request a demo, use a free trial, or buy a sample batch of their products.
Legal review
If the pricing and quality level meet your expectations, the potential vendor must undergo further background checks. You need to verify that they have all necessary licenses and that they operate in accordance with local regulations and industry standards. Another common practice is checking for ongoing or past legal disputes.
If the situation requires it, you may also need to review the potential supplier’s tax documentation. For large strategic partners, it might be necessary to request other financial documentation for further risk assessment.
Data security and compliance review
As the importance of privacy and data protection continues to grow, reviewing a vendor’s data security practices is a crucial step. If a vendor will have access to your company’s systems or customer information, you must ensure the safety of this data and carefully assess the cybersecurity risks.
At this stage, you need to verify their compliance with your company’s data management policies and the required certifications (e.g., ISO 27001, SOC 2). If it’s an IT service provider, you can search in the open sources for mentions of any data breaches and other security incidents involving them.
Reputational checks
At the next stage, you need to assess the reputational risk. This helps you verify whether they are a reliable partner, as well as protect your own reputation in case of any pre-existing issues.
You can search for relevant information in open sources – for example, by finding reviews on specialized platforms. Another place to check is the vendor’s social media pages.
Once completed, you will have a ready risk profile for this vendor and will be able to proceed with decision-making.
Contract terms analysis
If the vendor has successfully passed all the previous review stages, it’s time to seal the partnership with a contract. At this final stage of the vendor due diligence process, the legal team examines the service agreement and verifies that it aligns with your needs and expectations.
All the essential parameters that were checked in the previous stages should be reflected in the legal agreement. For example, data protection methods, pricing, delivery terms, security procedures, and other critical obligations. Among other things, it’s essential to examine the conditions for contract renewal, termination, and penalties in the event of delays or quality issues.
Vendor performance monitoring
The due diligence process doesn’t necessarily end with signing a contract. Once you start working with the new vendor, it’s important to check that it fulfills all its obligations as expected. You will need to monitor the vendor’s performance, evaluate the effectiveness of communication, and the quality level of their products or services. It’s also useful to ask people in your organization to test the vendor’s products and share their feedback.
For critical vendors, it’s necessary to schedule recurring due diligence checks. Typically, they are conducted annually, but can also occur more often, depending on the vendor’s associated risk level.
Conducting thorough checks throughout these stages helps you select reliable vendors and minimize associated risks.
Who Should Perform Vendor Due Diligence: 5 Key Departments
Effective vendor risk management requires collaboration among several departments. Each department evaluates vendors from its own perspective, contributing to the final decision.
It’s also important to assign a process owner who will be responsible for the end result. This will help coordinate different teams and keep track of deadlines.
The main departments involved in vendor risk assessment are:
- Procurement: This department is typically responsible for selecting vendors, conducting initial checks, comparing pricing offers, and running reputational checks. In small and medium-sized organizations, the procurement department can also handle other tasks related to vendor due diligence. For example, they can check the required licenses and certifications.
- Legal: Not surprisingly, this department plays a crucial role in the vendor selection process. The legal team conducts various background checks and, if the vendor is approved, works with the service-level agreements.
- Information Security/IT: This department’s task is to assess the vendor’s security posture and identify potential cyber risks to your organization. If it’s a strategic IT partner, the IT team might also need to assess its infrastructure and identify potential vulnerabilities. Further steps may involve reviewing the disaster recovery and incident response plans.
- Finance (optional): The finance department’s involvement is not always mandatory. The exact process varies significantly across organizations, depending on their internal policies. It’s common to have a certain threshold (i.e., <$500) for the ordered services under which the financial team’s approval is not required. However, financial reviews are usually necessary for strategic vendors. For the best result, refer to your internal procurement procedure rules.
- Department Lead – The head of the department that will be using the vendor’s products or services. This team needs to confirm that the vendor’s value proposition aligns with their needs and effectively solves their problem.
A Free Vendor Due Diligence Checklist by Titan Apps
Here is a general vendor due diligence checklist to help you organize this process. Depending on the vendor type and your internal procedures, you might need to customize this checklist by adding more steps.
For example, you can include industry-specific details for healthcare, pharmaceuticals, logistics, IT, and other industries with distinct standards and regulations.
## Vendor Due Diligence Checklist
### Define the Scope and Allocate the Team
- Decide on the scope of the necessary verifications
- Identify the departments that should be involved in the process
- Define the key decision-makers
- Appoint a responsible person in each department
- Define the owner of the vendor due diligence process
### Run the Preliminary Checks
- Gather the vendor’s legal company name, address, and contact details
- Obtain the business registration or incorporation documents
> This information can be gathered from open sources or requested directly from the vendor
- Review the description of the vendor’s products or services
> This information can be gathered from open sources or requested directly from the vendor
- Confirm how long the vendor has been operating
- Identify the key decision-makers or leadership contacts on the vendor’s side
### Verify the Pricing and Payment Parameters
- Check if the pricing is competitive/acceptable
- Confirm that the offered services meet the requirements
> Use a weighted decision matrix
- Compare the costs and value offered to other vendors’ propositions
- Verify that the payments can be made with the required method
### Conduct Legal Review
- Request the necessary licenses and permits
- Check for any past or ongoing legal disputes
- Request and review the vendor’s tax documentation
### Analyze the Data Security and Vendor Compliance Information
- Request copies of relevant certifications (e.g., ISO 27001, SOC 2)
- Verify compliance with industry regulations (e.g., GDPR, HIPAA, PCI-DSS)
- Analyze the vendor’s information security policies
>* Check if client data is used to train the vendor’s AI models
>* Check if their policies are compliant with your data handling requirements
- Review the results of third-party security audits (if applicable)
### Conduct Reputational Checks
- Gather user reviews on specialized online platforms
- Request internal reviews from your organization (if applicable)
- Evaluate vendor reliability and reputation by researching open sources
- Check the vendor’s social media presence
> Official profiles
> User mentions
### Analyze the Contract Terms
- Review proposed contract terms and SLAs
- Verify how the intellectual property will be handled
- Check contract clauses for renewal, termination, and penalties
- Identify the main points of contact for account and issue management
### Monitor Vendor Performance
- Track how the vendor fulfills the contract obligations
- Evaluate the effectiveness of communication with the vendor
- Check the quality level of the products or services the vendor delivers
- Collect feedback on the vendor’s services in your organization
- Schedule recurring due diligence checks
>* Define the frequency depending on the vendor’s associated risk level
>* Use Smart Templates to automatically generate a work item with the vendor due diligence checklist on a schedule
>* Review historical data on the vendor on the Smart Templates’ History tab
This checklist was created with the help of Smart Checklist, a solution that helps you organize your work in Jira and Monday with feature-rich checklists.
Moreover, it allows you to save your vendor due diligence checklist as a reusable template and automatically add it to work items. As a result, you can save time on creating standard tasks and ensure consistency. This is especially important if you have dozens or even hundreds of vendors to verify.
For your convenience, here’s the same checklist, now divided into sections based on the stage:
### Define the Scope and Allocate the Team
- Decide on the scope of the necessary verifications
- Identify the departments that should be involved in the process
- Define the key decision-makers
- Appoint a responsible person in each department
- Define the owner of the vendor due diligence process
### Run the Preliminary Checks
- Gather the vendor’s legal company name, address, and contact details
- Obtain the business registration or incorporation documents
> This information can be gathered from open sources or requested directly from the vendor
- Review the description of the vendor’s products or services
> This information can be gathered from open sources or requested directly from the vendor
- Confirm how long the vendor has been operating
- Identify the key decision-makers or leadership contacts on the vendor’s side
### Verify the Pricing and Payment Parameters
- Check if the pricing is competitive/acceptable
- Confirm that the offered services meet the requirements
> Use a weighted decision matrix
- Compare the costs and value offered to other vendors’ propositions
- Verify that the payments can be made with the required method
### Conduct Legal Review
- Request the necessary licenses and permits
- Check for any past or ongoing legal disputes
- Request and review the vendor’s tax documentation
### Analyze the Data Security and Vendor Compliance Information
- Request copies of relevant certifications (e.g., ISO 27001, SOC 2)
- Verify compliance with industry regulations (e.g., GDPR, HIPAA, PCI-DSS)
- Analyze the vendor’s information security policies
>* Check if client data is used to train the vendor’s AI models
>* Check if their policies are compliant with your data handling requirements
- Review the results of third-party security audits (if applicable)
### Conduct Reputational Checks
- Gather user reviews on specialized online platforms
- Request internal reviews from your organization (if applicable)
- Evaluate vendor reliability and reputation by researching open sources
- Check the vendor’s social media presence
> Official profiles
> User mentions
### Analyze the Contract Terms
- Review proposed contract terms and SLAs
- Verify how the intellectual property will be handled
- Check contract clauses for renewal, termination, and penalties
- Identify the main points of contact for account and issue management
### Monitor Vendor Performance
- Track how the vendor fulfills the contract obligations
- Evaluate the effectiveness of communication with the vendor
- Check the quality level of the products or services the vendor delivers
- Collect feedback on the vendor’s services in your organization
- Schedule recurring due diligence checks
>* Define the frequency depending on the vendor’s associated risk level
>* Use Smart Templates to automatically generate a work item with the vendor due diligence checklist on a schedule
>* Review historical data on the vendor on the Smart Templates’ History tab
How to Add a Vendor Due Diligence Checklist Template to Jira?
Note
Not using Jira? This template can also be used on Monday.com.
Install Smart Checklist to get started.
Using this checklist template in Jira saves you a lot of time. It also allows you to share your tailored checklist across your organization. This is important as it helps you coordinate all the teams involved in due diligence.
The process is quite straightforward and doesn’t require any technical skills. The setup only takes a few minutes.
- Install Smart Checklist for Jira from the Atlassian Marketplace.
- Copy the vendor due diligence checklist we shared earlier and paste it into the Smart Checklist section of your work item.
- Customize the template to better fit your industry (optional). Add or remove steps, tag responsible contributors and other stakeholders, add due dates, and include details for each step in dedicated, expandable sections. You can also add links and images, set custom workflow statuses, and mark selected steps as mandatory.
- Save the vendor due diligence checklist as a template. In the Smart Checklist menu, click the three dots (as shown in the screenshot below) and select Save as a template.
Once done, you will be able to quickly add this checklist from the saved template to Jira work items. To do this, go to the three-dot menu and select Import from a template.
Apart from adding checklists manually, you can also do this with the help of automation.
How to Automatically Assign this Checklist to Work Items?
If you have many vendors and conduct frequent due diligence, it’s helpful to optimize this process with automation. This can be easily done with Smart Checklist’s native functionality. It lets you automatically add checklist templates to work items that meet your criteria.
For example, you can add a new label to your Jira work items, “Vendor Due Diligence”. When a work item is updated, the rule checks whether it contains this label. If it does, the vendor due diligence checklist will be automatically added to that task.
Here are step-by-step instructions:
- Create a new label called “Vendor Due Diligence” for your Jira issues (work items).
- In a work item with a smart checklist, click the three-dot menu in the upper-right corner and select Manage Templates.
- Find your vendor due diligence checklist template in the list and expand it. In the panel on the right, select Advanced.
- Set your trigger – in this example, it’s Issue updated. Then, select Field -> Labels, Condition -> Contains any of, and Value -> Vendor Due Diligence.
After this, all new work items with this label will include the vendor due diligence checklist by default. When you start working on this task, all the planned steps will be clearly outlined. This can save you a lot of time, especially if you add all the necessary details to your template, such as, links to internal policies and guidelines.
If needed, you can also use checklist templates with the native Automation for Jira. For more details, please refer to our Automation for Jira Guide on Confluence.
The Benefits of Using Smart Checklist Templates
- Standardized approach – With everyone on your team using the same vendor due diligence checklist, you can evaluate vendors objectively and consistently.
- Cross-department coordination – Implementing this checklist template in Jira or Monday helps organize collaboration across departments. You can tag responsible people and add deadlines, helping them provide their input in time.
- Improved transparency – With a vendor due diligence checklist, team members and stakeholders can easily see progress at a glance.
- Better scalability and easier onboarding – When the due diligence process is documented in a smart checklist, it’s easier to involve new team members and scale up. With actionable step-by-step instructions right in Jira, it’s always clear what to do next and who to contact at each stage.
Overall, using Smart Checklist allows you to organize the vendor due diligence process more efficiently and save valuable resources.
Best Practices for Evaluating Vendors During Due Diligence
Categorize vendors by risk level
This will help you allocate your team’s resources effectively. Prepare an expanded vendor due diligence checklist for high-risk partners. If they will have access to confidential or sensitive data, they need to undergo more rigorous checks. At the same time, for smaller low-risk suppliers, the process can be shorter and simpler.
Collect requirements from the future users
To make due diligence more efficient, start by contacting the department that is planning to use the new vendor’s products or services. Ask them for their input: what problems they need to solve, what requirements they have, and what features would be the most valuable. This will help you set the right criteria and find the best fit for your organization.
Use a vendor evaluation matrix
You assess vendors on many parameters, but not all are equally important. Assign different weights to the criteria to calculate the vendor’s score. This will allow you to compare it more objectively with competitors and make a better-informed decision.
Document your findings
Maintain a record of all assessments and decisions made during due diligence. Your team may need to revisit this information later. If it’s related to a vendor who didn’t pass the security checks, your team can avoid wasting time on a supplier that doesn’t meet your requirements.
Implement continuous monitoring
Building long-term vendor relationships should involve regular checks. For critical strategic vendors, it is recommended to repeat the due diligence process annually. It might also be necessary to revalidate the vendor if there are major changes – for example, if you decide to order a new type of service from them.
Buy sample products or use a free trial
A large part of vendor due diligence is verifying formal criteria, such as certifications. However, hands-on tests are no less important. Find a way to try out your vendor’s products or services before committing to a large-scale purchase.
Depending on the supplier and their industry specifics, this can be ordering a smaller batch of goods, requesting a SaaS product trial, or buying consultancy services for a smaller project. This enables you to evaluate the quality level, produced value, and the vendor’s processes.
FAQs Related to the Vendor Due Diligence Checklist
What is Vendor Due Diligence?
This is the process of carrying out various checks to determine whether a vendor can be a reliable partner. Vendor due diligence allows you to identify potential risks and ensure compliance. The process includes stages such as legal review, data security risk assessment, compliance review, reputational checks, and contract terms analysis.
For strategic vendors, it may also be necessary to request information about their subcontractors. This is an important part of third-party risk management, especially in relation to data security.
Some organizations opt for outsourcing vendor due diligence, while others prefer to carry it out in-house.
What is a Vendor Due Diligence Questionnaire? Is it the Same as the Vendor Due Diligence Checklist?
A vendor due diligence questionnaire is a document that contains questions about your vendor’s operations, certifications, and related matters. Typically, this document is sent to the vendor, who then answers the questions and provides you with all the necessary details. After this, your team can work with the questionnaire and verify this information.
A vendor due diligence questionnaire is not the same as a vendor due diligence checklist. The latter is an internal document that you don’t usually share with the vendor. The checklist contains step-by-step instructions for performing different checks. Its purpose is to streamline the process and ensure thorough verification.
When Do You Need to Use a Vendor Due Diligence Checklist?
It’s a good practice to use it every time you conduct vendor due diligence, for example:
- When selecting a new partner
- Before starting collaboration with a new vendor
- When your requirements change
- Before a contract renewal
- When there are significant changes in the vendor’s organization (e.g., a change of ownership, a change in provided services, and so on)
- When conducting regular checks during ongoing monitoring
Implementing a standard vendor due diligence checklist allows you to optimize this time-consuming process by reusing the same plan.
What Are the Common Sources for Collecting Vendor Due Diligence Data?
You can use many different sources, ranging from your vendor’s self-assessment to third-party audits. Here are the most common ones:
- Vendor due diligence questionnaire
- Public databases and official registries
- Financial and tax documentation
- Licenses and compliance certifications
- External audit reports
- Review platforms and social media
- Internal feedback from your organization
It’s important to collect data from multiple sources rather than relying entirely on the vendor’s information.
Implement Checklist Templates For Other Recurring Tasks And Processes
Checklists are an effective tool for organizing and automating many recurring processes. In addition to the vendor due diligence checklist, consider using Smart Checklist to streamline other areas of your work. Here are some checklist templates that can be relevant for your team:
- Procurement Template for Jira
- Invoice Approval Process Template
- Jira Payroll Template
- Contract Review Template
We hope this article was helpful. Many thanks for reading!
