Due Diligence and Ongoing Monitoring

  • 1.  Due Diligence for USPS

    This message was posted by a user wishing to remain anonymous
    Posted 07-14-2021 01:06 PM
    This message was posted by a user wishing to remain anonymous

    We are looking into one of USPS APIs and I am not sure where to go for diligence.  Has anyone successfully been able to review USPS?  If not, do you exclude them from your policy? How do you handle integrations?


  • 2.  RE: Due Diligence for USPS

    Posted 07-14-2021 04:27 PM

    Personally, I would classify the US Post Office as a regulated vendor, and as such, not be involved in a regular review.

    There isn't a whole lot of NPI, most likely. Two basic choices – exclude completely, or create a category that includes them, but doesn't require any recurring diligence activity, so it shows that you recognize the Vendor, but that you won't/can't pursue the more standard tasks, because of its federal status [ or whatever fits your internal policy ].

     

    Thanks,

          Dave

     

    David Howe

    Chief Information Officer