
Vendor Onboarding

Third-party vendors, contractors, and supply chain partners are one of the most significant sources of enterprise risk — and one of the least scrutinized. Standard procurement processes validate a vendor's legal existence, financial stability, and contractual terms. They rarely assess the individuals behind the company or the reputational signals that could expose your organization to liability.

WeCheck provides individual-level digital due diligence for the humans behind your vendors — before a contract is signed.


Why Vendor Risk Is an Individual Problem

Corporate entities can be cleaned up — name changes, restructuring, new registrations. The individuals behind them carry their history with them. WeCheck enables you to assess:

  • Company directors and UBOs — The people who control the vendor entity
  • Key technical staff — Contractors and engineers with access to your systems, data, or infrastructure
  • Account managers and points of contact — Individuals who will have privileged communication access to your organization

A vendor entity may pass all standard checks while one of its principals has a documented history of financial misconduct, extremist affiliations, or professional misrepresentation.


Reputational Risk Signals

For each individual subject, WeCheck surfaces:

| Signal Type | Examples |
|---|---|
| Media mentions | Coverage in news relating to fraud, litigation, regulatory action, or financial scandal |
| Professional inconsistencies | Claimed credentials or experience that don't match verifiable public history |
| Extremist or ideological affiliations | Public associations that could create reputational contagion for your brand |
| Hidden entity connections | Publicly visible links to shell companies, sanctioned entities, or known bad actors |
| Behavioral red flags | Public conduct patterns inconsistent with the professional relationship being established |

Integration with Vendor Onboarding Workflows

WeCheck is designed to be triggered as a step in your procurement approval process via API:

  1. Procurement initiates a vendor request — A new vendor or contractor is proposed
  2. WeCheck scan triggered — Your system calls the WeCheck API with the key individuals' details (name, public identifiers, optional reference image)
  3. Report delivered — Results arrive via webhook within seconds, or are polled from the results endpoint
  4. Procurement review — Your team reviews flagged signals before finalizing the vendor agreement
  5. Decision documented — The scan record and review outcome are stored for audit purposes

For high-volume onboarding (e.g., a large contractor workforce), see Batch Processing to run multiple subjects in a single operation.


Ongoing Monitoring

Initial vetting at onboarding captures the state of a vendor relationship at one point in time. For long-term or high-access vendor relationships, periodic rescanning is a best practice:

  • Annual rescans — Run a fresh WeCheck scan for all active vendors on a yearly cycle
  • Event-triggered rescans — If a vendor is involved in a public incident, a contract renewal, or an access expansion, trigger a fresh scan
  • Role-change rescans — When a key contact at a vendor is replaced, scan the incoming individual before granting them access

Periodic rescans can be automated by scheduling API calls against your active vendor roster. See Batch Processing for high-volume scan management.


Supply Chain & Security Considerations

For technology vendors and contractors with access to your systems, data, or code, WeCheck adds a layer of human vetting that complements your technical security controls:

  • Privileged access contractors — Anyone with admin, root, or production access warrants heightened due diligence
  • Data processors — Vendors who handle your customer data under GDPR or CCPA have elevated privacy obligations. A WeCheck scan of their key personnel supports your vendor risk assessment
  • Software supply chain — For open-source contributors or third-party library maintainers integrated into your stack, WeCheck can provide a reputational check on key maintainers