Latest Discussions

This message was posted by a user wishing to remain anonymous Hi I need some assistance re Contract Mgt policy templates as well as the standards/actions that should be taken during the different phases on a contract: Onboarding, On Going Monitoring, ...

While conducting a supplier risk assessment I determine what type of information is being shared, how it is being shared and then utilize the appropriate data security language section as prepared by our attorney for that specific purpose. If there ...

I had posted this info in another discussion but looks like it this question is hitting all of the discussion communities. I work in the insurance industry in CT. The NYDFS Cyber Regulation prompted us to create the following worksheet to capture the ...

I too would like to view any templates you may use to document responsible parties and their acceptance of the responsibility.

This message was posted by a user wishing to remain anonymous We are not OCC regulated however we do use their guidance in part in developing our contract checklist: Contract Provisions- Required by Policy Legal review ...

Hi Everyone, I am a Senior IT Risk Analyst for an FI (and Director of Risk Management for a nonprofit) and I am seeking information/feedback/answer to the following: -in my experience, setting up minimum contract term this more complex than it sounds ...

This message was posted by a user wishing to remain anonymous Hello, How does everyone handle inserting Information Security terms into their Supply Chain contracts? An example would be for a transportation vendor who only has details about the order ...

Warehouse lenders should be considered "vendors." To simplify this for other members who may not be familiar, a warehouse lender provides short-term loans to an organization so they can provide a loan to a customer without using their own capital. Typically ...

I would agree that MERs should be considered a critical vendor. There are very clear regulatory rules around providing the consumer with the "best data available." As a critical vendor, you will need to conduct a periodic risk review (at least annually), ...

This message was posted by a user wishing to remain anonymous Complimentary User Entity Controls - The following site maybe useful for you. The Importance of System Organization Control Reports and How to Effectively Interpret Them (vermont.gov)

This message was posted by a user wishing to remain anonymous Sorry- newbie here. What does CUEC stand for? Thank you!

This message was posted by a user wishing to remain anonymous Yes. We review (annually) any vendors with access to Employee or Client PII or NPI.

This message was posted by a user wishing to remain anonymous We review the SOCs/SSAEs for our payroll and retirement provider, but does anyone review these documents for other HR vendors such as health insurance and life insurance vendors for employees? ...

This message was posted by a user wishing to remain anonymous Are warehouse lenders considered as a vendor ? if they are considered vendors are they also considered critical or non critical ? I wanted to see how other industries are treating warehouse ...

This message was posted by a user wishing to remain anonymous We are in process of evaluating our critical vendors, during this process we have several vendors such as Elie Mae or MERS for example that we have tagged them as critical vendors, however ...

This message was posted by a user wishing to remain anonymous Since Credit Unions are regulated by the NCUA and FFIEC will they need to abide by the new interagency guidance issued by the Federal Reserve Board, FDIC & OCC? While the guidance is comprehensive, ...

Karmin, Thanks form the information you posted on Proposed Interagency guidance and Staff in Vendor Management. I am trying to redesign our Vendor Risk Management program, and would appreciate if you would be willing to share your Third ...

Lynn - I didn't realize I had the ability to respond to your message directly. This is my first time dipping my toes into the Venminder ThinkTank community board. I posted a message further below and will recap here. Your approach to vendor management ...

This is directed more towards Lynn Francisco than to the topic at hand and my apologies for sidetracking things. Lynn - your approach to vendor management and assigning vendor owners to manage their own vendors is exactly what we are in the process ...

This message was posted by a user wishing to remain anonymous We have been informally following the OCC guidance (although we are FDIC regulated) in maturing our TPRM program so the change in guidance is not going to impact the kinds of vendors we track ...