The Vendor Management module links contracts, assets, and tickets to the third parties behind them. Used right, you stop missing renewal dates and start holding vendors accountable to their SLAs. Used wrong, it becomes a glorified address book.
The three core records
Vendor (the company), Contract (the agreement), Asset (the deliverable). All three link together. A vendor can have many contracts; a contract covers many assets; an asset has one current contract.
Build vendor records before contracts; contracts before assets. Reverse order creates orphan records.
Required vendor fields
At minimum, every vendor needs:
- Legal name and trade name (often different).
- Primary support contact with phone and email.
- Escalation contact (different person, often a manager).
- Portal URL and credentials reference (do not store passwords; reference your vault).
- Payment terms (Net 30, Net 60).
- Account number for support.
Custom fields for security: data residency, GDPR DPA on file, SOC 2 report date.
Contracts and renewal alerts
Each contract has start date, end date, auto-renew flag, notice period. Build an automation: 90 days before end date, alert the contract owner. 60 days, escalate to procurement. 30 days, escalate to CIO.
Without staged alerts, contracts auto-renew at undesirable terms or lapse mid-quarter.
Linking assets
Assets link to vendor (manufacturer) and to contract (current support). The link is the basis for “what is out of warranty” and “what does this vendor support” reporting. Build both reports as scheduled exports to procurement.
For SaaS contracts, the asset is the subscription. Track license count, used count, and unit cost. The unused-license report drives savings at renewal.
Vendor SLA tracking
When you log a ticket against a vendor (problem with a vendor service), capture vendor response time. A custom field “vendor_response_at” set when the vendor replies, computed against the contract SLA.
Build a vendor scorecard: tickets logged, average response time vs SLA, breaches per quarter. Bring the scorecard to renewal negotiations. Without data, vendors get the benefit of the doubt.
Approval workflow for vendor contact
Some vendors charge per support call. Build an approval workflow: agents above tier-1 cannot open vendor tickets without manager approval if the vendor has a per-incident contract. Reduces vendor spend.
For vendors with unlimited support contracts, no approval needed; encourage usage to extract value.
Vendor portal access
Some vendor portals have SSO; configure the link in the vendor record so agents launch directly. For vendors without SSO, store the credential reference (vault URL) not the credential itself in the vendor record.
Decommissioning
When you cancel a vendor relationship, do not delete the record. Mark vendor inactive, archive contracts, record termination date and reason. Future audits (“did we ever use vendor X”) need this.
Reassign or close any open tickets against the vendor before marking inactive; otherwise tickets become unassignable.
Reporting
Two essential reports:
- Contracts expiring in next 90 days, sorted by date, with renewal owner.
- Vendors with active SLA breaches in last quarter.
Schedule both to procurement and IT leadership weekly.
What to do this week
Pull your top 10 vendors by spend. Confirm each has a contract record with end date and renewal alerts configured. Fix the gaps before the next renewal cycle catches you flat.
