Docy Child

VNDR-5 Vendor Agreement

Estimated reading: 2 minutes 535 views

What is this control about?

A vendor agreement establishes the business relationship conditions and includes details on each party’s obligations under the contract.

Nowadays, online agreements or terms of use are provided as agreements unless specifically requested.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Vendor Management Tools
Rockey lawyer 

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

  • N/A – no templates recommendation

Control implementation

Note: This control is 100% automated by TrustCloud. Upload your MSA or terms of use template in the vendor section for each vendor to enjoy the benefit of automation

For a manual implementation: 

Work with Legal to draft a vendor contract agreement. It is important to ensure that the agreement include the key following:

  • Scope – that describes the products or services included in the contract and how those products or services will be delivered.
  • Security Responsibilities – this is critical for the compliance requirements, your responsibilities and your vendor responsibilities in terms of security, confidentiality, availability must be documented.
  • Timing – establish when the vendor will be paid, when the goods or services will be delivered and when the business relationship will end.
  • Price and Payment – establish the price paid in return for the vendor’s performance
  • Termination – any steps either party can take if they are to complete the contract early.
  • Consequences – will also detail consequences should either party not fulfill their duties and obligations under the contract.

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

  • Provide the most recent signed vendor contract

Evidence example

From the suggested action above, an example is provided below.

  1. Provide the most recent signed vendor contract.

This can be a link to the User Agreement within the vendor section of TrustCloud Trust Ops that is acknowledged during the vendor onboarding process; for example this AWS agreement is available online.


A signed contract by both parties within the vendor section of TrustCloud Trust Ops

Full copy including the signed page

[Google search results of vendor agreement]

VNDR 5 screenshot1

Join the conversation

Twitter Facebook LinkedIn

❤️  Joyfully crafted by a 100% distributed team.