Due Diligence and Ongoing Monitoring

 View Only

Welcome to the Due Diligence and Ongoing Monitoring Community. Here you will be able to network, collaborate, and see the latest discussions that can help you in this area. Note: You will need to Sign In to join in the discussions and access resources. 

About Due Diligence and Ongoing Monitoring: Whether you’re vetting a new vendor or following up on an existing vendor, performing due diligence is necessary to determine if a vendor is a good fit for your organization. Ongoing monitoring is a regulatory expectation, an overall sound business practice and can lead to discovering risk that would have otherwise gone unnoticed.

Latest Discussion Posts

  • Profile Picture

    RE: BC Plan

    I have been asked to write a BCP for a warehouse and distribution food company. Can anyone share an example that they may have, (all company names, detailed information redacted of course) I am in IT and have written DR plans but not a BCP. I have ... More

  • Profile Picture

    RE: BC Plan

    I am responsible for not only seeing if our key suppliers have BCPs but assess them. I check for a BC policy (for leadership support) and BCP components (Risk Assessment, BIA, Crisis Management (Incident Response & DRP), Training & Exercise, Plan Maintenance) ... More

    1 person likes this.
  • Hi Anonymous, We have a vendor we use their services for surrounding our board meeting. Based on the service they are providing we did include them in our vendor program as a tech vendor. I think this will depend on how your institution structures your ... More

  • Profile Picture

    RE: BC Plan

    When I look at DR/BCP plans I look to see if the plan is well documented, regularly updated and tested, has a BIA that includes RPO/RTO. I also like to see there back up locations for their data, and other important information will also be there that's ... More

    1 person likes this.
  • Hi Christi, Question: how often do you assess your non-critical vendors to determine/confirm if they are critical? Answer: We do not reassess vendor criticality unless there is some sort of change in service that would trigger such an event. I ... More

Polls