Looking Ahead at 2018: Vendor Management

Upcoming trends in vendor management for 2018 have one thing in common: the need for companies to apply consistent processes to their business practices. To ensure continued compliance with data protection and cybersecurity requirements, companies will need to understand the impact of these ever-changing regulations on their business and supply chains.  

In the coming year, new developments and changes to major regulations such as the European Union General Data Protection Regulation (EU GDPR) and the Defense Federal Acquisition Regulation Supplement (DFARS) will require companies in scope to carefully assess their business practices. They must implement efficient, consistent programs that align with industry standards and use supply chain data to meet their requirements.

What vendor management trends and changes should your company be aware of in the coming year?

Changes to the EU General Data Protection Regulation

In April 2016, the EU adopted the GDPR, which replaces the 1995 Data Protection Directive and protects the personal data of all individuals in the European Union, regardless of where the company processing that data is located. Key changes from the previous regime include:

  • Data subjects have expanded rights over their personal data (what North American practice calls personally identifiable information, or PII), including rights of access, rectification and data portability
  • Data subjects have the right to erasure, better known as the right to be forgotten
  • Organizations outside the EU that process EU data subjects' personal data must comply with the regulation

These requirements apply from May 25, 2018. In-scope companies should prepare by conducting internal reviews, data protection impact assessments (the GDPR's term for privacy impact assessments) and data mapping of the personal data they hold. Any cloud provider or supply chain vendor that processes personal data on the company's behalf is a processor under the GDPR and must be bound by a written contract that meets the requirements of Article 28; such vendors should also be subject to surveys and queries consistent with the company's other business practices and controls.

The Vendor Management Suite helps companies manage vendor partnerships and ensure unrestricted access to the global marketplace. Download the guide to the Assent Compliance Vendor Management Suite to learn more.

Cybersecurity Requirements Are Growing

In today’s digital world, cybersecurity breaches are increasingly common. Governments and customers are responding to these breaches by imposing more stringent cybersecurity controls and programs, both internally and across in-scope supply chains.

Regulatory and industry-specific standards define the security controls companies must implement and how identified gaps are to be remediated. Each standard carries its own set of requirements that flow down the supply chain. Companies should be aware of their own obligations, and those of their vendors and suppliers, under standards such as:

  • NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations)
  • SOC 2 Type 2 (an AICPA attestation report on a service organization’s controls as they operated over a period of time)
  • ISO/IEC 27001 (the certifiable standard for an information security management system)

The global nature of supply chains often means a company must comply with more than one cybersecurity regime at once, which further reinforces the need for standardized business practices. To protect their contracts, companies need to invest in sound cybersecurity controls, backed by regular vendor surveys and audits, that align with in-scope industry standards and with the contractual requirements mandated by customers and governments.

New Contracting Requirements for Department of Defense

Recently, the U.S. Department of Defense (DoD) responded to a series of economic and security risks to its supply chain by establishing new flow-down contractual requirements that change how prime contractors and their subcontractors implement compliance programs for DoD contracts.

In the wake of these changes to contracting policy, companies will need to make due diligence the core focus of their compliance programs. In the past, companies could demonstrate due diligence simply by showing that the DFARS flow-downs were incorporated into the terms and conditions of their subcontracts. Now, more stringent requirements and the incorporation of named standards mean the following DFARS flow-downs are changing how companies must demonstrate due diligence:

  • DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting (2016)
  • DFARS 252.246-7007 Contractor Counterfeit Electronic Part Detection and Avoidance System (2016)
  • DFARS 252.222-7007 Representation Regarding Combating Trafficking in Persons (January 2015)
  • DFARS 252.225-7009 Restriction on Acquisition of Certain Articles Containing Specialty Metals (2014)

The DoD assesses compliance with these flow-downs by looking for detection and reporting programs that pass the necessary information back up to the prime contractor. Under DFARS 252.204-7012, for example, a subcontractor handling covered defense information must implement the NIST SP 800-171 security requirements on its covered information systems (the clause set a deadline of December 31, 2017), must report cyber incidents to DoD within 72 hours of discovery, and must pass the DoD-assigned incident report number to the prime contractor or next-higher-tier subcontractor. Ensuring these systems are in place will be essential to avoiding the loss of contracting opportunities.

The Rise of Protectionist Trade Policies

Regulations that impact where companies can source their materials are nothing new. However, new rules are developing that could have a substantial impact on trade.

In 2018, the anticipated decline of free trade agreements in the U.S. will result in increased due diligence requirements for companies in scope of the Country of Origin (COO) marking requirement and the Buy America Act. Companies could lose control over the selling price of their products, and importers could face significant financial consequences from unpredictable tariffs and duties. It is increasingly important for companies to understand where their products come from and to collect COO certificates for the products they purchase so they can show where those products are made. In light of these rules, companies need to conduct proper origin due diligence so they can claim preferential tariff treatment where their products qualify and avoid penalties for incorrect origin declarations, either of which could dramatically affect their bottom line.

With the United Kingdom preparing to withdraw from the European Union (EU), better known as Brexit, companies around the world have had to assess the impact on the sale and import of their products in Britain, since goods moving through the UK may no longer receive preferential access to the EU/EEA single market. Companies that manufacture in the UK, or import through it, are expected to face significant difficulty moving their products into the EU without that access.

To protect themselves from the financial impact of these disruptions to free trade in two of the world’s largest markets, companies must ensure they have vital data on the origin of their products and leverage it effectively as new rules develop. Companies must survey their supply chains for COO data, and proactively assess the impacts of where their products and the components within their products originated.

The Future of Vendor Management

The future of vendor management, in 2018 and beyond, requires companies to emphasize consistent, efficient programs with a high degree of supply chain transparency. To compete securely in the global marketplace and protect the data entrusted to them, companies will need to take a proactive approach to compliance and supply chain data management in response to these increasingly rigorous regulatory requirements.

The Assent Compliance Platform delivers efficient data collection, validation and management for an extensive scope of regulatory requirements through one centralized solution. Partnering with Assent gives you access to our team of in-house regulatory experts, ensuring you have the information you need to remain ahead of your compliance challenges. Contact us today at info@assentcompliance.com to learn more about how Assent can help.