Skip to content

Does Santa have good vendor risk management?

Following last year’s sleigh ride through operational resilience, Santa’s Chief Operating Officer Mrs. Claus realized how many processes and resources were supported by vendors. While Santa set some of those arrangements with a wink and a nod, Mrs. Claus knew this wouldn’t cut it – they needed to follow a vendor risk management (VRM) lifecycle.

Here is what she scribbled on the back of the naughty and nice list:



Shortly after tallying up an inventory of existing vendors, disaster struck. The company that owned the primary and secondary sleighs, as well as maintaining service crews around the world, went bankrupt. Not only that, both sleighs were impounded.

It was time to put her VRM process through the wringer while sourcing a suitable replacement.


Subscribe to our knowledge hub to get practical resources, eBooks, webinar invites and more showing the latest developments in risk, resilience and compliance, direct to your inbox.

Subscribe now

Tiering the vendors: Sleigh supplier stratification

Mrs. Claus, taking charge, knew that identifying the right vendor for their Sleigh as a Service (SaaS) model was critical. She categorized the sleigh providers as Tier 1 vendors due to their critical role in Christmas operations. This tiering guided the level of scrutiny and due diligence required to ensure a vendor could meet the North Pole’s high standards, not just the lowest bidder (or whoever slips Santa a sherry).

Due diligence: Making a list, checking it twice

Mrs. Claus, leveraging her automated VRM platform, initiated an extensive due diligence process. Questions were crafted to evaluate potential vendors on financial stability, ethical treatment of reindeers, sustainability in sourcing wood, adherence to sleigh safety standards, the efficacy of their business continuity plans, and the origins of their labor.

These inquiries were designed not just to assess the vendors' current capabilities, but also to gauge their alignment with the North Pole's values and long-term viability. Systematic capture made it easy for the North Pole to evaluate what was outstanding and request follow-up information.

Risk assessment: Beyond the naughty or nice

After scrutinizing the due diligence responses, Mrs. Claus and her team conducted a detailed risk assessment of their chosen vendor, Sleigh Maintenance Co. Despite satisfactory due diligence responses, concerns remained about labor practices potentially leading to crew shortages and the use of unsustainably sourced wood, which could spark a reputational blizzard for Santa.

To mitigate these risks, Mrs. Claus implemented clauses mandating annual third-party certifications confirming adherence to industry standards in labor and environmental practices.

Ongoing monitoring: Elves on vigil

To ensure the sleigh would be ready for its critical Christmas Eve journey, ongoing monitoring was paramount. The vendor was required to provide regular updates on sleigh performance and undergo quarterly financial stability reviews. This proactive approach aimed to prevent unforeseen issues, ensuring the sleighs remained in top condition.

Crisis averted: Managing the unthinkable

During the year, a dip in sleigh performance data signaled potential trouble. It was discovered that a rogue decision had led to the use of inferior wood in sleigh maintenance. Under Mrs. Claus's leadership, this crisis was swiftly managed. The vendor corrected the issue, and sleigh performance was restored to optimal levels, demonstrating the effectiveness of the VRM process in real-time problem-solving.

With visibility into the outstanding issues and actions for all vendors, Mrs. Claus had a bird’s eye view of where attention was needed.

The maiden voyage: Sleighing it

The true test of the revised approach to vendor risk management came on Christmas Eve. As Santa embarked on his maiden voyage with the new vendor, the stakes were high. The successful journey across the starlit sky was a testament to the robustness of the North Pole's vendor risk management. It was a clear indication that the new system was not just up to the task but could ensure the magic of Christmas delivery was preserved.

The impounding of Santa's sleighs was a blessing in disguise, catalyzing a transformation in how the North Pole managed vendor risks. Mrs. Claus's leadership in implementing a comprehensive VRM process ensured that Santa's operation adapted to modern challenges, maintaining the joy and reliability of Christmas deliveries.


A festive call to action

This tale from the North Pole serves as a reminder of the importance of robust vendor risk management. As you prepare for your own festive celebrations, consider the lessons from Santa’s workshop. Whether in a magical or corporate realm, foresight, preparation, and effective risk management are keys to success.

If you want to learn more about how to assess your vendor and third-party risks, download our Vendor Risk Management eBook for a detailed step-by-step guide to building an effective VRM program.

Read eBook


For additional North Pole risk management insights, read how Mrs. Claus answered another critical question – is Santa operationally resilient?

About the author

Michael is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach. His experience includes managing risk functions, assurance programs, policy management, corporate insurance, and compliance. He is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions.