Latest Discussions

This message was posted by a user wishing to remain anonymous We use Concord Fax

Hi. We use xMedius. It is a a digital fax solution that allows users to send and receive faxes through email. It is convenient to send a fax, via email. I think it is a good solution. ------------------------------ -Nicole ------------------------ ...

When we got rid of fax machines, we started using Faxage.

This message was posted by a user wishing to remain anonymous Hi all, we have one old school fax line left at one of our branches and it seems they fax around 10 times a month and most faxes are from the State or something for HR. I would like to ...

This message was posted by a user wishing to remain anonymous P&L Statement, written statement from company with explanation as to why they don't release the statement Security testing results, a letter from their auditor or Director of IT, as ...

This message was posted by a user wishing to remain anonymous Hi everyone, does anyone have a list of questions or checklist, I can use to evaluate a Forensic vendor? Thanks.

This message was posted by a user wishing to remain anonymous Hi, For small/medium sized businesses in Europe with very immature TPRM program in place, and no or limited resources/automation, I'd be interested in understanding how you perform due ...

This message was posted by a user wishing to remain anonymous We are evaluating our vendor due diligence requirements and are wondering what the community here deems as acceptable due diligence for the following: Reviewing Financial Condition - ...

This message was posted by a user wishing to remain anonymous I am fairly new to using the platform, but we are currently listing such vendors as medium risk. with the PII as an individual rating, like what you mentioned, rates as high but once all ...

This message was posted by a user wishing to remain anonymous Hello, I need to review the risk ratings of the Marketing vendors at my financial institution. A few have a limited amount of PII like names, emails and addresses. They are currently rated ...

This message was posted by a user wishing to remain anonymous Hey, I was wondering if this community could give me some direction in continuing my pursuit in TPRM. I am unsure of my current position at my current company due to being acquired by another ...

I am interested in this approach as well.

I am interested in this approach as well, please let me know if you can share some question templates to fully understand the approach.

Please share with me as well! I'd love to see the questions

I am fascinated by this approach. Would you be able to share your questions with me and potentially have a conversation.

I've done this at other institutions as well and I agree with Stanley it does work well, it drives action for fixable risks, and takes out the complexity and questions.

We have taken a slightly different approach which eliminates the need for weighting categories/dimensions of risk. For any given question, we have a dropdown list of answers. Whether it be 2, 3, or 4 answer choices, each answer choice is rated (low, moderate, ...

So, from a policy standpoint, this sort of activity (the unauthorized onboarding) might fall into a number of violations, all depending on how you have your Acceptable Use and other policies/standards defined. In this case, the process of calling this ...

Third party risk appetite statements. I wrote a long answer but it didn't show up. I'm going to wait 24 hours, if it doesnt I'll rewrite it.

Dallas, (Cool Name, I'm boring Dan) TLDR - put in a risk appetite statement that says if they have sensitive data or access to the company than the inherent risk is automatically a high. Below I put the weight inherent risk I've used working with banks. ...