Due Diligence and Ongoing Monitoring


Executive Orders (EO): Compliance, identifying impacted third parties and on-going due diligence

  • 1.  Executive Orders (EO): Compliance, identifying impacted third parties and on-going due diligence

    Posted 04-30-2021 01:19 PM
    I'm curious what other TPRM Programs are doing to proactively monitor Executive Orders (EO). The EO for Chinese applications in January is one where we were able to quickly scan our systems, contract repositories and documentation (at least in the US) to determine if we were impacted. Internationally it was trickier. Initial and on-going due diligence, tracking and monitoring against new contracts, purchases, etc. is proving to be a challenge. I'm curious if others have guidance/governance on how this is best handled within your programs you'd be willing to share.

    https://www.federalregister.gov/documents/2021/01/08/2021-00305/addressing-the-threat-posed-by-applications-and-other-software-developed-or-controlled-by-chinese


  • 2.  RE: Executive Orders (EO): Compliance, identifying impacted third parties and on-going due diligence

    Posted 05-06-2021 11:59 AM
    For monitoring when new executive orders are signed, my current recommendation would be to monitor industry news, which will likely pick up on any impacting EO, and also to monitor the Federal Register's website tracking EOs:
    https://www.federalregister.gov/presidential-documents/executive-orders/joe-biden/2021

    As far as monitoring which vendors may be impacted by EOs limiting interaction with specific countries, a vendor/contract/GRC management application with all of your vendors and their countries of origin/impact from non-US-based organizations should be able to report on that quickly for you.

    What are other organizations doing to monitor for impacting events like EOs being signed and how are others managing those impacts?