Latest Discussions

Hi All, How do you classify your managed print services vendor? Thanks for the feedback.

This message was posted by a user wishing to remain anonymous For critical vendors, it's important, first and foremost, to make sure the contract requires them to notify you of any sub-service providers that are essential to the services they are providing ...

Open source software is vetted by IT Security, once approved the vendor is added to the portfolio in our vendor Risk Management tool and subject to the due diligence appropriate to the risk rating assigned. From experience, these vendors are rated M ...

Could anyone please share how your company deals with Open source development software? Is your Sourcing and Vendor Management Department involved? I appreciate any and all comments. Thanks, Dr. Jayne Suess

This message was posted by a user wishing to remain anonymous Seeking recommendations for RFP software.

While Systemically Important Financial Markets Utilities (SIFMUs) are part of the due diligence process every financial institution in the finance industry is required to perform, they are unique. First, since October 2014, they are the most highly regulated ...

This message was posted by a user wishing to remain anonymous Re: Systemically Important Financial Markets Utilities (SIFMUs): Hello all, Not sure if this topic was a previous discussion. How is everyone handling reviews of their SIFMUs? From my experience, ...

This message was posted by a user wishing to remain anonymous Thanks every1 for your responses! Also will these courses be beneficial if Iam working in a Local bank in Dubai (United Arab emirates)?

For the time being, site visits will take place interactively. Site visits as we are used to will return, but for now, virtual site visits are an option. Bear in mind the large the spend, the more you need to perform a site visit. We should use caution ...

This message was posted by a user wishing to remain anonymous Looks like C3PRMP is through Sourcing Industry Group (SIG). Cost is about $4,895, but has a free trial. https://sig.org/sig-university/certified-third-party-risk-management-professional-certification ...

This message was posted by a user wishing to remain anonymous Hi Jeff, We require evidence of coverages below based on inherent risk rating. Range is $1M to $15M. The higher* amounts for Medium and High Risk and/or if considered a Technology provider. ...

I had not heard of the certification, either. However, based on some quick Google research, the book upon which the certification course is based, "Third Party Risk Management – Driving Enterprise Value", by Linda Tuck Chapman, on is available on the ...

Honestly, I've never heard of this particular certification. In looking at most jobs posted on Linkedin, the companies seem to be looking for the following certification(s) specific to TPRM: * CTPRP ( https://sharedassessments.org/ctprp/ ) * CRVPM ...

My colleague and I have gone through the course. We both felt it was beneficial.

This message was posted by a user wishing to remain anonymous Hi All, Could any one advise if C3PRMP is a good Certified course for 3rd party risk professionals? Thanks!

​​ What is your plan for 4th party vendors on a critical vendor?

It's a rare scenario, but you definitely need the Board approval and respective business desk approvals. Then you need to identify all data connections (should have been identified at onboarding), make sure your access management terminates all digital ...

How do you handle offboarding of third parties where the third party inherent risk is Critical (e.g. millions of records with restricted data included)? Thanks, Dr. Jayne

Good Afternoon, We are working to define what our corporate minimum insurance requirements are for the different types of engagements. This is easier said than done. Of course, each specific engagement will need to be evaluated to find out if the $ ...

We review Critical vendors annually; Moderate every three years and No Impact every five years.