Latest Discussions

  • Not a Credit Union so can't apply NCUA reqs, Community bank here but thank you

  • I too received a huge push back from my internal team regarding ongoing monitoring of these vendors so I reached out to NCUA for guidance. Ultimately we decided to remove the indirect dealers from Venminder and it is now the responsibility of the Indirect ...

  • I would be interested in information on this as well.

  • Ok, how do you handle due diligence and classification of these type of relationships. I get a constant resistance from my internal team that these relationships aren't considered vendor relationship and they never want to do the due diligence and risk ...

    1 person likes this.
  • Posted in: Contract Management

    Hello, When it comes to insurance, obtaining a certificate is important. As part of due diligence, you'll want to ensure that the certificate is not expired and insurance coverage and type(s) are sufficient and in line with contractual obligations. ...

    1 person likes this.
  • Just to add to the great responses, our clients will use DnB and other business credit reports under the following conditions: Assessing a "Tier 1" vendor Mission Critical Vendor Has Access to Your Network/Customer Data Has a High Annual Dollar ...

    1 person likes this.
  • We use them based on the operational criticality risk for operationally moderate risk and operationally critical vendors. We use LexisNexis to supplement if there appear to be any issues surfaced by the DNBi assessment or if we want to dig into some ...

  • This is great. Thanks, Hilary!

    1 person likes this.
  • Profile Picture

    RE: When to pull Dun & Bradstreet Reports

    This message was posted by a user wishing to remain anonymous We actually subscribe to ArgosRisk in lieu of D&B. We find it provides us with comparable information. We also can incorporate the scoring nicely into Venminder, which is our vendor platf ...

  • Profile Picture

    RE: When to pull Dun & Bradstreet Reports

    This message was posted by a user wishing to remain anonymous Hi, I use Dun and Bradstreet reports for a multitude of things 1)assess potential vendors for RFPs, 2) merger acquisition information 3) identifying key competitors 4) identifying key ...

  • Profile Picture

    Supplier Risk Assessment

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Hi All, I'm looking for best practices to what other organizations do to assess supplier risk around technology, people, service, change management, the supplier ...

    2 people like this.
  • Profile Picture

    RE: When to pull Dun & Bradstreet Reports

    This message was posted by a user wishing to remain anonymous Good day, While I think it is critically important to have a variety of information sources, I think that the one thing often missed is identifying parameters that should generate action. ...

  • Profile Picture

    When to pull Dun & Bradstreet Reports

    This message was posted by a user wishing to remain anonymous Hello, I'm curious to what other organizations do to pull dun & bradstreet reports on vendors. I'm currently brainstorming on the criteria my company would like to adopt and was wondering ...

  • Profile Picture

    RE: Reinsurers

    This message was posted by a user wishing to remain anonymous Thanks for your thoughts. Yes we have asked our reinsurers, in writing, to complete a security questionnaire but nearly all declined to cooperate citing no regulatory or contractual obligation ...

  • Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous Dear Team, Hope you all are staying safe & healthy! Does a real estate property valuation service provider for mortgage loans need to maintain an insurance certificate to cover the Bank's ...

  • Profile Picture

    RE: Reinsurers

    Hi there, Even though your contracts do not explicitly contain information security requirements, that should not prevent you from asking your reinsurers to demonstrate they have sufficient data security controls. Cybercrime and information security ...

  • Posted in: Exams or Audits

    Thank you Aimee.

  • Profile Picture

    RE: Record Retention

    Posted in: Reporting

    This message was posted by a user wishing to remain anonymous Laure, I am in the financial industry, working for a credit union.

  • Posted in: Reporting

    We actually are just in the process of reaching out to vendors for this same thing. We have contacted eFileCabinet; Docuphase; NetDocuments;Treeno; DocStar ECM. What industry are you in?

  • We, also, vetted Salesforce in order to closely review data privacy.