Policy, Program, and Procedures

 View Only

Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program, and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Profile Picture

    RE: Criticality criteria for third party vendors

    By: Anonymous Member , 14 days ago

    This message was posted by a user wishing to remain anonymous This is a fairly dated response but I thought of one thing to add. I agree with the approach Debbie stated, first of all. In a prior shop where I worked, we established criticality very ... More

  • Profile Picture

    RE: Managing Vendors with New AI Capabilities After Onboarding

    By: Tiffany Haspil , 25 days ago

    Hannah, Thank you for the thoughtful response. Vendor attestations are not something I had considered before, so I really appreciate the recommendation. We can absolutely incorporate language into our onboarding platform, Zip, through the vendor ... More

  • Profile Picture

    RE: Seeking Credit Union Examples of Exempt / Out‑of‑Scope Vendor Definitions

    By: Anonymous Member , 27 days ago

    This message was posted by a user wishing to remain anonymous Venminder has a policy template that details what vendors to be exempt from oversight. I believe you can find it on this site. More

  • Profile Picture

    RE: Managing Vendors with New AI Capabilities After Onboarding

    By: Hannah Gulan , 27 days ago

    Tiffany, What you're describing is one of the more challenging issues in TPRM right now, and I don't think training or annual check-ins will fix it on their own. Not because they aren't valuable, but because the bigger gap is timing. Vendors are ... More

    1 person likes this.
  • Profile Picture

    RE: Managing Vendors with New AI Capabilities After Onboarding

    By: Stanley Simon , 27 days ago

    Hi Tiffany, Great question! We recently updated our Risk Classification Questionnaire (RCQ), which by the way is a stand-alone Excel. We added 2 questions to address the issues you ask about. Whenever there is a new agreement for review, whether it ... More

    1 person likes this.

Polls

Most Active Users List