Check Out Trending Discussions
Network. Collaborate. Connect. 

This community provides a space where professionals in the industry can access third-party risk management resources and, more importantly, interact with each other through discussion boards. You can network, share stories, ask questions, and receive feedback from others to help overcome your own challenges.

Trending Discussions

  • 4th Party Vendors

    What is your plan for 4th party vendors on a critical vendor?

  • Does anyone have suggestions for completing site visits during the COVID-19 environment? Any alternative approaches being contemplated?

  • Would you consider a member's list to be non-public or public information at a credit union? We have always kept it as our own, but now we are having vendors who need that information. Would you consider the vendors that have to have this information ...

  • Non public personal information

    This message was posted by a user wishing to remain anonymous. If a TPSP only has access to name and address, is that still considered NPPI? Or name and email address?

  • New Vendor Review

    We are currently reviewing our approval process for new vendors and looking for some process improvements to our current procedures; we would like to understand what other financial institutions are doing. Would anyone be open to sharing how you are ...

  • vendors and cloud software assessment (AWS)

    This message was posted by a user wishing to remain anonymous. I have a vendor hosting an application in the cloud and due to the "shared cloud responsibility", I'm wondering if requiring reports (i.e. output of Trusted Advisor, is IAM used?, CloudTrail ...

  • Law Firms

    This message was posted by a user wishing to remain anonymous. How are you addressing law firms? Given law firms and their individual lawyers are subject to binding ethical and legal obligations to maintain the confidentiality of everything they ...

  • Good Morning Think Tank Members, Curious if anyone has a good slide show/info piece that they can share for the "sales side" of Vendor Requests? Looking for material that will help explain Vendor Management high-level for the sales side of the house ...

  • Cost of Data Breach or Unplanned Outages

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous. Has anyone started implementing cost analysis in their assessments, specifically in relation to the cost of data breaches or unplanned outages? I'm wondering if anyone has formulas or ...

  • Retention

    This is a two-part question: 1, how long do you keep cancelled vendor information? Is it something that should be put in the basement and left forever or is there a set amount of time that we need to keep them? 2, On current vendors, how long do you ...

  • Posted in: Risk Assessments

    My Credit Union is in the process of further developing our vendor management program. I'm looking to the community to share what they use for Risk Assessment questions. I've found a lot of guidance when it comes to risk assessments but nothing with ...

  • Posted in: Reporting

    What are you doing, if anything, regarding the coronavirus outbreak as far as vendor management goes?

  • CIS Controls questionnaire

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous. I am looking for a questionnaire to use based off of the CIS controls. Does anyone know if such a questionnaire exists? Thanks

  • UDAAP Compliance

    Posted in: Regulations

    This message was posted by a user wishing to remain anonymous. What do you all do to ensure you're complying with "abusive" in UDAAP? How do you incorporate it into your ongoing monitoring?

  • Vendor Code of Conduct

    This message was posted by a user wishing to remain anonymous. We currently have a Vendor Code of Conduct that presents itself to the vendor prior to entering our vendor management tool. There is nothing that is asked or required in the Code that a reasonable, ...

  • Vendor Risk Definition

    Can you share a definition of Vendor Risk that you are madly in love with?

  • Data Feeds to Financial Institutions

    This message was posted by a user wishing to remain anonymous. I work for a brokerage service. Our firm offers data feeds of our broker customers to financial institutions (i.e., banks, credit unions). These are common customers between the two organizations. ...

  • Ongoing Due Diligence

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous. I work for a Credit Union that is $2.5 Billion, we have over 300 employees and 19 branches. I'm looking for guidance from places similar in size. I am new to Vendor Management and my department ...

  • What additional due diligence should be conducted on a foreign vendor? I know it depends on their significance rating with the bank. Are there specific documents we should request?

  • I am interested in finding out if anyone has developed an incident report that you use when a third-party has reported to you that a cyberattack/data breach has hit their systems? Is there a checklist you use to ensure that they have communicated to ...