Latest Discussions

  • Good morning! I like everyone's perspective on this! I agree that checking the contract to determine how data will be stored/returned/handled will be key. For the due diligence monitoring collection and review, I had the following thought to consider: ...

  • We just had a VM audit last month and some recommendations were given to us. What does your policy say about when you change a vendor from active to inactive? This would factor into what you should do. If it was me, I would for sure get any due diligence ...

  • I would agree with Cheryl and waive the review. However, given it is a critical/high risk vendor, there is some likelihood that they store some sensitive/NPI data for your company. If that is the case, this may be a good opportunity to review the contract ...

  • I would just make a note of it and waive the review. The reviews are done so we are sure our data is safe, secure and the vendor is doing well in order to continue the relationship. If you are terminating the relationship, the review is a moot point. ...

  • Review for Offboarding Vendor

    This message was posted by a user wishing to remain anonymous. One of our vendors is up for an annual review 30 days before our contract ends. They are rated as high inherent risk and are a critical vendor. Can anyone recommend how to handle this? I ...

  • We keep all vendors / contracts within our system as well. We added a custom field and marked any vendors such as regulatory agencies, utilities, or insignificant vendor relationships as Exempt.

  • Risk Transfer Agreement - related to Insurance

    This message was posted by a user wishing to remain anonymous. Hello, our insurance company has suggested that we have our vendors sign a Risk Transfer & Insurance Agreement to further mitigate risk around the vendor not having sufficient insurance coverage. While ...

  • RE: Vendor Background Check

    This message was posted by a user wishing to remain anonymous. The frequency in which you review vendor due diligence depends on your TPRM Program specifications. For low or moderate risk vendors, it is not necessary to run a background check annually ...

  • Below is the verbiage we have in our TPRM Policy: The Program is not intended to cover the following relationships: Relationships with customers or members or account-holders of the Credit Union; ...

  • RE: Assessments

    Posted in: Risk Assessments

    Hi, I recommend looking at the vendors in your organization's portfolio. Start by determining which vendors are critical. Remember: This activity requires consideration of the following 3 questions: Would the sudden loss of this ...

  • Thank you!! Charity Kittrell Director, Vendor Management

  • RE: Non-Contract Vendors

    This message was posted by a user wishing to remain anonymous. In our Vendor Management policy, our definition of "vendor" specifically excludes vendors that we cannot influence (such as utilities), that are immaterial to our organization (such as coffee ...

  • Would definitely like more information around what Venminder is seeing as it relates to AI and onboarding due diligence and contract language.

    1 person likes this.
  • RE: Vendor Performance Management and KPI's

    Posted in: Reporting

    This message was posted by a user wishing to remain anonymous. I too am interested in this, as it seems to be an overwhelming task to standardize performance metrics, SLAs, KPIs, etc. for a vendor portfolio that is very broad (banking/financial services). ...

    1 person likes this.
  • Posted in: Reporting

    Vendor performance monitoring feels like an overwhelming but important piece of a successful Third Party Vendor Management program. As we look to mature our third party risk program, I would like to learn of some of the best practices other organizations ...

    1 person likes this.
  • Non-Contract Vendors

    This message was posted by a user wishing to remain anonymous. How does your organization handle non-contract vendors or what advice would you have in these types of relationships. Currently, we have vendors recorded in our vendor list which we consider ...

  • These are challenges I have addressed by writing internal policies that establish specific requirements and cooperation from third parties. Once requirements are established and make their way into contract templates, third parties are bound to them and ...

  • RE: Omissions from TPRM Program

    This message was posted by a user wishing to remain anonymous. Hi Amanda, Thank you so much for providing an overview of your in scope/out of scope vendors. We're in the process of maturing our program and this, along with Venminder's template provided ...

  • RE: Artificial Intelligence

    This message was posted by a user wishing to remain anonymous. We are also experiencing vendors that are starting to utilize or incorporate some form of A/I functionality so I'm curious as well if anyone has any recommendation. One method we are ...

    1 person likes this.
  • RE: Ongoing Monitoring

    This message was posted by a user wishing to remain anonymous. No, they won't complete our request for information or our questionnaire.