Vendor Risk Action Plan

An ongoing action plan to mitigate your vendor risks with monthly check-in calls

After we complete your vendor risk assessment, gather your vendor due diligence documents, and review your vendors’ financial risk, SSAE 16 risk, business continuity risk and contract risk, we create your vendor risk scorecards and then produce your examiner and Board vendor management report. Included in the examiner and Board vendor management is a vendor risk action plan.

The vendor risk action plan turns all of our recommendations into a simple action plan with dates and responsibilities to measure progress towards your vendor management goals.

Each month, we’ll have a scheduled call to review your vendor risk action plan to make sure we’re progressing on your goals.


Key Features:

  • Action plan with tasks, responsibilities and due dates to continually improve your program– updated monthly
  • Cornerstone can present to your Board to show how well you’re progressing on your plan
  • Monthly check in calls to measure progress and update plan

Learn More About Our Vendor Due Diligence Document Collection Services

Schedule a time to talk with one of our Vendor Management Consultants or, if you’re ready, request a custom pricing proposal


Contact Us Now

So, What Makes Us Different?


Let us gather and review your vendors due diligence documents, review them, score then and make risk mitigation improvement recommendations, so you can focus your time on making the best business decisions  from our recommendations.


We are in the vendor evaluation business, so we are evaluating all aspects of the major vendors every day. Not only do we review vendor financials and attend vendor earnings calls, but we meet with vendor executives every Friday to get product, company and security updates. We track vendor wins and losses , monitor changes in marketshare , evaluate their products and know about problems before they’re public.


Many competing vendor management software and services are actually resold by your moderate to high risk vendors .

This means they will only share publicly available information. We on the other hand are Gonzo and share non-public vendor dirt every day, all day.