Vendor Onboarding Checklist

When to use this

Used by procurement or operations. Each section has an owner. Critical for any vendor handling data or integrating with our systems.

# Vendor Onboarding Checklist — [Vendor name]

## Commercial
- [ ] Contract negotiated and signed
- [ ] Internal sponsor named
- [ ] Cost-centre allocation agreed
- [ ] Payment terms set up in finance system

## Security and data
- [ ] Information security review completed (if data processor)
- [ ] Data processing agreement signed (if personal data involved)
- [ ] SOC 2 / equivalent reviewed
- [ ] Penetration test or security questionnaire received
- [ ] Sub-processors disclosed and acceptable

## Access
- [ ] System access provisioned (least privilege)
- [ ] MFA enforced on integration accounts
- [ ] Named users on vendor side documented
- [ ] Offboarding plan agreed in writing

## Operational
- [ ] SLAs documented and shared
- [ ] Escalation contacts known on both sides
- [ ] Kickoff call held
- [ ] First 30-day check-in booked

## Internal comms
- [ ] Internal stakeholders notified
- [ ] Help-desk team briefed (if customer-affecting)
- [ ] Documentation added to internal wiki
- [ ] Vendor entry added to vendor register

## Compliance
- [ ] Records added to procurement system
- [ ] Risk register updated
- [ ] Tax / VAT registration of vendor verified