This website community uses cookies to enhance your experience. Continue to use the site as normal if you agree to the use of cookies. Please review our privacy policy to learn more.
Learn more
OK
Skip to main content (Press Enter).
Login / Register
Skip auxiliary navigation (Press Enter).
Contact
venminder
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
Discussions
Latest
Unanswered
Communities
All Communities
My Communities
View All Communities
Education
Education Home
Live Webinars
Interviews
Videos
Podcasts
Glossary
Blog
Industry Conferences
Help
Getting Started
Code of Conduct
About the Community
About Venminder
Due Diligence and Ongoing Monitoring
View Only
Community Home
Discussion
1.6K
Library
103
Members
2.9K
Back to discussions
Expand all
|
Collapse all
sort by most recent
sort by thread
Out of Scope Vendors
Anonymous Member
07-15-2021 06:48 PM
This message was posted by a user wishing to remain anonymous Hello would anyone be willing to share ...
Nicole O'Brien
07-20-2021 09:18 AM
When defining your out of scope vendors, it's up to you and/or perhaps your particular auditor and organizational ...
1.
Out of Scope Vendors
1
Like
This message was posted by a user wishing to remain anonymous
Posted 07-15-2021 06:48 PM
Options Dropdown
This message was posted by a user wishing to remain anonymous
Hello
would anyone be willing to share their out of scope paragraph; especially if it has survived reviews/audits?
thanks
2.
RE: Out of Scope Vendors
0
Like
Nicole O'Brien
Posted 07-20-2021 09:18 AM
Options Dropdown
When defining your out of scope vendors, it's up to you and/or perhaps your particular auditor and organizational appetite on on whether or not your "paragraph" (assuming in your VRM Policy?) has more or less detail. Here is an example of a broad statement:
TPRM is intended to apply to all third-party relationships entered into by ABC Company, as communicated to the TPRM Department, including but not limited to: vendors, service providers, processors, business partners, program managers and marketers and other third parties, with whom ABC Company contracts for purposes of obtaining products or services, or who collaborate with the ABC Company in providing products and services in the marketplace.
Not in scope for this TPRM Policy:
Relationships with customers of ABC Company
Relationships with third-party providers of goods or products (or their sub-providers) which may reasonably be considered incidental to ABC Company's operations or lines of business and have no material or risk impact
With that said, I believe it is becoming more popular to list out additional entities that are out of scope for your program, such as: Utilities, government entities, attorneys, hardware providers, or individual contractors and consultants. Here is some additional information:
How-to Guide: Determining Vendors that Are In Scope and Out of Scope
I always like to hear what other people have to say about their scoping process, and what is determined out of scope. In the many organizations I've discussed this with, there always seems to be slightly varying opinions and appetites.
Original Message
Original Message:
Sent: 07-15-2021 05:40 PM
From: Anonymous Member
Subject: Out of Scope Vendors
This message was posted by a user wishing to remain anonymous
Hello
would anyone be willing to share their out of scope paragraph; especially if it has survived reviews/audits?
thanks
×
New Best Answer
This thread already has a best answer. Would you like to mark this message as the new best answer?
Home
Discussions
Latest
Unanswered
Communities
All Communities
My Communities
View All Communities
Education
Education Home
Live Webinars
Interviews
Videos
Podcasts
Glossary
Blog
Industry Conferences
Help
Getting Started
Code of Conduct
About the Community
About Venminder
Powered by Higher Logic