Due Diligence and Ongoing Monitoring

We generally include the following in our document requests: " If you prefer not to disclose some of the requested documentation, please provide a written explanation so that we may provide it to our regulators." More

This message was posted by a user wishing to remain anonymous What is acceptable documentation in leu of a SOC report when a vendor does not have a SOC, such as a privately owned business? More

Nicole, The merger, rebrand, acquisition depends on how and who owns the controls for the due diligence. Rebranding is generally a simple name change, nothing in the underlying control framework changes. Therefore, updates to your database regarding ... More

Nicole, you will need to take your lead from your vendor on which due diligence to use and when it is available for mergers, acquisitions (M/A), and rebrands. Those are determined by the time of year the event occurred and whether the products involved ... More

I'm interested in hearing how others account for third-party relationships that have rebranded, merged, or been acquired? Specifically, when a third-party changes name or ownership: From which entity do you obtain due diligence (legacy name vs. new ... More