Policy, Program, and Procedures

 View Only

Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program, and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Profile Picture

    Job Description

    By: Ginger Gilbert , 21 hours ago

    Hi all – As a Vendor Management function led by a department of one, I'm working to better define roles and responsibilities as the program continues to mature. If anyone is open to sharing sample job descriptions for vendor management or third-party ... More

  • Profile Picture

    Questionnaires with AI Questions

    By: David Medina , 2 days ago

    Our third‑party questionnaires have been updated to incorporate new AI‑focused questions, including inquiries about AI usage and any use of our data in model training. We've also identified several third‑party vendors we plan to onboard whose offerings ... More

    1 person likes this.
  • Profile Picture

    RE: Vendor Criticality & Assessment Frequency

    By: Anonymous Member , 2 days ago

    This message was posted by a user wishing to remain anonymous This is how we determine our Critical Vendors. Tiers 1-3 are reviewed annually (Critical, GLBA & Infrastructure) Vendors providing services considered 'critical' to the Credit Union's daily ... More

  • Profile Picture

    Vendor Criticality & Assessment Frequency

    By: Anonymous Member , 7 days ago

    This message was posted by a user wishing to remain anonymous Hi all, I'm interested in how peer organizations are approaching two areas within their third-party risk programs: Critical Vendor Definition: How does your organization define ... More

  • Profile Picture

    RE: Criticality criteria for third party vendors

    By: Anonymous Member , 23 days ago

    This message was posted by a user wishing to remain anonymous This is a fairly dated response but I thought of one thing to add. I agree with the approach Debbie stated, first of all. In a prior shop where I worked, we established criticality very ... More

Polls

Most Active Users List