Exams or Audits

Expand all | Collapse all

Vendor Site Visits

  • 1.  Vendor Site Visits

    Posted 03-10-2020 04:31 PM
    I am part of a group from our Bank invited to visit our Core provider's data centers. Does anyone have a checklist of things to ask and examine during a site visit that they could share? Unfortunately, our visit will be very short; more of a tour than a formal site visit. We will have only an hour or so in each of 2 data centers. I would like to have a quick list of the most important items to look for in order to make the most of my time.
    Thanks in advance.


  • 2.  RE: Vendor Site Visits

    Posted 03-11-2020 10:25 AM
    We do have a checklist for site visits. It's fairly basic, and includes things regarding security cameras, footage maintenance, are fire extinguishers/sprinklers in place, are shred bins in place, etc. For data centers and server rooms, there are additional questions regarding security measures (biometric?), smoke and moisture detection, utility connections, what redundancies are in place, and so forth.  I'd be glad to email the list directly to you if you'd like.


  • 3.  RE: Vendor Site Visits

    Posted 03-11-2020 10:30 AM
    ​John,
    Could you please send me a copy of your checklist. I would like incorporate some new items into my site visits You can mail them to Michael.Prowell@mrcooper.com


  • 4.  RE: Vendor Site Visits

    This message was posted by a user wishing to remain anonymous
    Posted 03-11-2020 01:42 PM
    This message was posted by a user wishing to remain anonymous

    Recommend that you add to the list:
    - if cell phones are allowed on the production floor; if not, how do they ensure cell phones are not on the floor?
    - also, ask if they maintain a list of passwords.  You and I know the emailing or storage of passwords is not something that should be allowed, but I have had two on-sites where the manager felt that he should be privy to all passwords and was having staff email him their passwords and then he saved them into a folder within his directory.
    - with the Coronavirus as a hot topic, also ask to view their Pandemic Plan while you are on-site.


  • 5.  RE: Vendor Site Visits

    Posted 03-11-2020 10:35 AM
    Hi John,
    could you please send me the checklist as well?  laure.slezak@northpointe.com
    Thank you!


  • 6.  RE: Vendor Site Visits

    Posted 03-11-2020 10:38 AM
    ​Good Morning John,

    I would like to see the checklist as well, and if you'd like, I can send you mine I generated a few weeks ago to possibly identify some shortfalls or gaps.

    Let me know at your earliest.


    - Derek


  • 7.  RE: Vendor Site Visits

    Posted 03-11-2020 10:43 AM
    Hey Derek,

    If you don't mind, I would love to see yours also please. My direct email is julius.drayton@shellpointmtg.com.

    Thanks so much!


  • 8.  RE: Vendor Site Visits

    Posted 03-11-2020 10:36 AM
    ​John,
    Thanks for the info. I would like to get your checklist. You can e-mail it directly to me at mweaver@firstbank.com
    Thanks again.


  • 9.  RE: Vendor Site Visits

    Posted 03-11-2020 10:41 AM
    ​John,

    Could you please send me a copy of your checklist also. You can email me at julius.drayton@shellpointmtg.com.

    Thanks so much!





  • 10.  RE: Vendor Site Visits

    Posted 03-11-2020 10:43 AM
    Would you be able to send this to me as well? etmanm@pioneerbanking.com


  • 11.  RE: Vendor Site Visits

    Posted 03-11-2020 12:02 PM
    Hi John, I would appreciate a copy also. mtully@enterprisebank.com . Thanks


  • 12.  RE: Vendor Site Visits

    Posted 03-12-2020 09:01 AM
    I would also be interested in viewing your checklist, if you wouldn't mind sharing.it.  Thanks, John.

    ------------------------------
    Susan Ingham
    ------------------------------



  • 13.  RE: Vendor Site Visits

    Posted 03-12-2020 09:58 AM
    I would be interested in a copy of the checklist if you would share it. Thanks.  You can email to Tonya.Harper@syb.com


     
     ​


  • 14.  RE: Vendor Site Visits

    This message was posted by a user wishing to remain anonymous
    Posted 03-11-2020 10:37 AM
    This message was posted by a user wishing to remain anonymous

    To create a quick list I suggest using NIST SP800-53 Physical and Environmental Controls.  Information Security Controls can be done in a virtually being you are short on time.  If you have the list of controls it will focus the tour and you can select testing various controls like looking at visitor logs, camera footage, etc.