Latest Discussions

  • Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous. Hi, I need some assistance re Contract Mgt policy templates as well as the standards/actions that should be taken during the different phases on a contract: Onboarding, On Going Monitoring, ...

  • Posted in: Contract Management

    While conducting a supplier risk assessment I determine what type of information is being shared, how it is being shared and then utilize the appropriate data security language section as prepared by our attorney for that specific purpose. If there ...

  • Posted in: Regulations

    I had posted this info in another discussion but it looks like this question is hitting all of the discussion communities. I work in the insurance industry in CT. The NYDFS Cyber Regulation prompted us to create the following worksheet to capture the ...

  • RE: SOC2 CUECs

    I too would like to view any templates you may use to document responsible parties and their acceptance of the responsibility.

  • RE: Minimum Contract Terms/Contract Language

    Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous. We are not OCC regulated however we do use their guidance in part in developing our contract checklist: Contract Provisions- Required by Policy Legal review ...

  • Posted in: Contract Management

    Hi Everyone, I am a Senior IT Risk Analyst for an FI (and Director of Risk Management for a nonprofit) and I am seeking information/feedback/answer to the following: -in my experience, setting up minimum contract terms is more complex than it sounds ...

  • Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous. Hello, How does everyone handle inserting Information Security terms into their Supply Chain contracts? An example would be for a transportation vendor who only has details about the order ...

  • Posted in: Regulations

    Warehouse lenders should be considered "vendors." To simplify this for other members who may not be familiar, a warehouse lender provides short-term loans to an organization so they can provide a loan to a customer without using their own capital. Typically ...

  • Posted in: Risk Assessments

    I would agree that MERs should be considered a critical vendor. There are very clear regulatory rules around providing the consumer with the "best data available." As a critical vendor, you will need to conduct a periodic risk review (at least annually), ...

  • RE: SOC2 CUECs

    This message was posted by a user wishing to remain anonymous. Complementary User Entity Controls - The following site may be useful for you. The Importance of System Organization Control Reports and How to Effectively Interpret Them (vermont.gov)

  • RE: SOC2 CUECs

    This message was posted by a user wishing to remain anonymous. Sorry- newbie here. What does CUEC stand for? Thank you!

  • RE: HR Vendors

    This message was posted by a user wishing to remain anonymous. Yes. We review (annually) any vendors with access to Employee or Client PII or NPI.

  • HR Vendors

    This message was posted by a user wishing to remain anonymous. We review the SOCs/SSAEs for our payroll and retirement provider, but does anyone review these documents for other HR vendors such as health insurance and life insurance vendors for employees? ...

  • Warehouse Lenders considered Vendors?

    Posted in: Regulations

    This message was posted by a user wishing to remain anonymous. Are warehouse lenders considered as a vendor? If they are considered vendors, are they also considered critical or non critical? I wanted to see how other industries are treating warehouse ...

  • MERS (Mortgage Electronic Registration System)

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous. We are in process of evaluating our critical vendors, during this process we have several vendors such as Ellie Mae or MERS for example that we have tagged them as critical vendors, however ...

  • Posted in: Regulations

    This message was posted by a user wishing to remain anonymous. Since Credit Unions are regulated by the NCUA and FFIEC, will they need to abide by the new interagency guidance issued by the Federal Reserve Board, FDIC & OCC? While the guidance is comprehensive, ...

  • Posted in: Regulations

    Karmin, Thanks for the information you posted on Proposed Interagency guidance and Staff in Vendor Management. I am trying to redesign our Vendor Risk Management program, and would appreciate if you would be willing to share your Third ...

  • Posted in: Regulations

    Lynn - I didn't realize I had the ability to respond to your message directly. This is my first time dipping my toes into the Venminder ThinkTank community board. I posted a message further below and will recap here. Your approach to vendor management ...

  • Posted in: Regulations

    This is directed more towards Lynn Francisco than to the topic at hand and my apologies for sidetracking things. Lynn - your approach to vendor management and assigning vendor owners to manage their own vendors is exactly what we are in the process ...

  • Posted in: Regulations

    This message was posted by a user wishing to remain anonymous. We have been informally following the OCC guidance (although we are FDIC regulated) in maturing our TPRM program so the change in guidance is not going to impact the kinds of vendors we track ...