Managing vendor relationships: Takeaways from the Beltug X-change of 27/02/2018


More and more aspects of the IT environment are being outsourced to third parties. While this approach offers many benefits, managing vendor relationships becomes increasingly critical. So what should your contracts look like and include? What is the ‘real’ difference between a ‘supplier’ and a ‘partner’? How can you be sure your technological development matches up with the vendor’s? How can you require the vendor to use the same level of security as your company? And what about SLAs, follow-up, etc.?


Presentations from the event are available, exclusively for Beltug members (after login):


Beltug presentation: Managing vendor management and keeping them safe

Agfa presentation: Driving value through vendor management

Barry Callebaut presentation: A Third-party vendor information security policy: where’s the liability?


At this X-change, we first heard from Wouter Machiels of Agfa about the company's approach to vendor management. Then, following an introduction by Pierre Verbraeken of Barry Callebaut, we engaged in an interactive roundtable on vendor management and IT security.


Wouter Machiels is Head of Purchasing Centre of Excellence at Agfa; he started by explaining the different ‘faces’ of supplier management:

  • Supplier Performance Management
  • Supplier Risk & Compliance Management
  • Supplier Information Management
  • Supplier Relationship Management
  • Supplier Lifecycle Management


Historically, he continued, we have all been taught to 'squeeze' our suppliers, to get the most for the least cost. But Wouter wonders: is that really the right approach? In this changing world, if we want to build solid relationships with our suppliers, hadn’t we better show our cards, mutually, and dive together into the waters of a true partnership? That brings the highest value to your business.


'Break the rules', Wouter encourages his peers. Procurement is ready to become a 'sexy' department again, i.e. a profit department instead of a cost department. But it should also be a people business, he emphasised.


Looking at the foundations of vendor management, three words pop up: 'ensure', 'value' and 'risk'. “The goal of Vendor Management is to ensure the organisation continuously obtains the best value from external providers of products and services, while controlling exposure to vendor-related risk.”


Of course, this isn’t only a procurement job: building a solid relationship with vendors also involves legal, ‘business’, senior management and finance.


Wouter then brought this into the ‘real world’, by zooming in on Agfa’s governance model (see slide 38) and on the lessons learned there.

Keep a checklist, he concluded:

  • Do you understand how vendors are being managed in your organisation?
  • Is this process focussed on the right things? Does it target the right suppliers?
  • Do you manage risk?


After the break, Pierre Verbraeken, CISO at Barry Callebaut, took the floor, with questions only, no answers, he stated. Some of the questions included:

  • Are there any best practices that can be shared?
  • Are there any recommendations where you see this type of security policy integrated in the relationship with external vendors?
  • How can this be integrated in a Master Agreement (as a part of the liability chapter)?
  • Is a separate policy per partner sufficient, or does best practice include having individual users acknowledge the policy?
  • Can we impose an audit on the vendor’s endpoints?


This led into the highly interactive roundtable discussion, during which the participants exchanged concerns and best practices on how to enforce a company's security standards on its suppliers.













