Classification: Confidential
Hi there-
In my organization, we first assess the vendor for Materiality to operations- if a vendor is deemed material we then look at the service being provided- if this vendor has any access to confidential data, you want them to be financially viable in the unfortunate event that you might have a breach for which they may need to cover you for. Insurance may be in place, but a financially weak company partnership is risky. If the vendor does not access protected data, but the services provided by them are deemed as moderate or difficult to replace (unique, or took considerable time and resources to implement) you should want to make sure they are financially viable so you aren't stuck needing to find another provider in a year because they went belly up. That is an avoidable drain on your organization. Regulators want to make sure that you are making sound, risk basked decisions on who you partner with for services. If your company can survive without negative customer impact should a vendor not perform or abruptly exit the services, then you can make the argument to waive the financial review.
I hope that helps!
All the best.
Jenn Wilkinson
Vice President
Strategic Vendor Management
Cenlar FSB
This message has been marked as Confidential by Wilkinson, Jennifer on Wednesday, April 7, 2021 7:37:20 AM.
***********************************************************
NOTICE: The information contained in this message is intended for the addressee(s) only and may be confidential,
proprietary, or legally privileged. If you have received this message in error or there are any problems with the
transmission, please immediately notify us by return e-mail. The unauthorized use, disclosure, copying, or alteration
of this message is strictly forbidden. The sender will not be liable for any damages arising from alteration of the
contents of this message by a third-party or as a result of any virus being transmitted.
This notice is automatically appended to each e-mail message transmitted from the sender's e-mail domain.