Due Diligence and Ongoing Monitoring

 View Only

Welcome to the Due Diligence and Ongoing Monitoring Community. Here you will be able to network, collaborate, and see the latest discussions that can help you in this area. Note: You will need to Sign In to join in the discussions and access resources. 

About Due Diligence and Ongoing Monitoring: Whether you’re vetting a new vendor or following up on an existing vendor, performing due diligence is necessary to determine if a vendor is a good fit for your organization. Ongoing monitoring is a regulatory expectation, an overall sound business practice and can lead to discovering risk that would have otherwise gone unnoticed.

Latest Discussion Posts

  • Profile Picture

    RE: Testing of 3rd party monitoring of their critical/high risk vendors

    By: Anonymous Member , 12 hours ago

    This message was posted by a user wishing to remain anonymous I find that any quality conducted SOC 2 Type 2 report has some information regarding TPRM available within the body report and also within the scope of control testing, even if it's just ... More

  • Profile Picture

    RE: Testing of 3rd party monitoring of their critical/high risk vendors

    By: Howard Glassman , 12 hours ago

    Hi, To be clear, your vendors' third parties' contractors / vendors are fourth parties to you. Fourth parties are also known as subservice organizations. One best practice is to obtain the SOC 2 reports of your vendors. These reports should ... More

  • Profile Picture

    Testing of 3rd party monitoring of their critical/high risk vendors

    By: Anonymous Member , 15 hours ago

    This message was posted by a user wishing to remain anonymous I am looking for any best practices of how anyone tests that their 3rd parties are actively monitoring their critical/high inherent risk 3rd parties? What do you request and have success ... More

  • Profile Picture

    DOJ National Security Division - Data Security Program Covered Persons list

    By: Anonymous Member , 4 days ago

    This message was posted by a user wishing to remain anonymous Is this impacting/changing anything you are collecting from or asking from the vendor? We already check against OFAC, SAM, HUD, and FHFA suspended counterparty lists (as applicable) and ... More

  • Profile Picture

    RE: Assessing Software Resellers

    By: Cathy Ryan , 8 days ago

    Heather, This is a common source of confusion, as you need to determine whether you should just track and rank the contract holder (the reseller) or whether you should try to track and rank the end products that you are receiving (that you do not have ... More

    3 people like this.

Polls

Most Active Users List