Trending Discussions

Check Out Trending Discussions
Network. Collaborate. Connect. 

This community provides a space where professionals in the industry can access third party risk management resources, and more importantly, interact with each other through discussion boards. You’re able to network, share stories, ask questions, receive feedback from others to help overcome your own challenges and more. 
  • Posted in: Contract Management

    It's been coming up in different meetings that some companies are asking their third-parties if they have a cyber liability policy in place and what their minimum liability coverage is. It has been decided that we will ask this question within our vendor ...

    1 person likes this.
  • Profile Picture

    Inherent Risk - Physical Access

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous We have a secured campus and maintain a well established policy for vetting non-employees prior to providing them any building access. A key pass is required to use the elevator, enter staircases, ...

  • Profile Picture

    Risk rating help

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Hello all, I'm having trouble defining strategic risk and fully understanding how it affects each vendor. The description that I have is this - Strategic risk is the risk arising from adverse ...

  • Good Morning, We are trying to make improvements to our vendor management program and we would like to better manage open source software. Would anybody be willing to share how they approach due diligence for open source software? Would anyone be willing ...

  • Profile Picture

    Venminder and Contract Uploads

    Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous Good afternoon, I have a question for Venminder users...how are you all uploading master service agreements and various SOWs or Orders into the product profiles? Do you include the master ...

  • Profile Picture

    Reviewing 3rd Party Attestation reports

    This message was posted by a user wishing to remain anonymous Looking for some assistance on how to review our 3rd party's reports, SOC reports for example. Is there a checklist or similar that can be used to ensure that what is covered in the SOC report ...

  • Posted in: Exams or Audits

    I realize this is a VM blog but i'm hoping some of you also manage BCP for your credit union and are willing to share some info. I'm curious how you have/will approach testing of business functions during the pandemic. Has it been testing as usual or ...

  • Profile Picture

    Ongoing Monitoring of Records Management Vendors

    This message was posted by a user wishing to remain anonymous What type of on-going monitoring do you conduct for records management vendors? We have a few vendors that we store historical paper with and I'm trying to make sure we're appropriately monitoring ...

  • Profile Picture

    What is a vendor?

    This message was posted by a user wishing to remain anonymous What is your definition of a vendor ? With an ever-growing list of vendors in our organization, I am attempting to create a firm definition on what constitutes as a vendor --- in hopes ...

  • We recently received an FFIEC examination report for one of the top card payment network providers from our federal regulator. Our current Vendor Management policy states payment card licensing network providers (i.e. VISA, MasterCard, etc.) are out of ...

  • Profile Picture

    Title Insurer Oversight

    This message was posted by a user wishing to remain anonymous As a lender we conduct both initial and ongoing due diligence for the Title Companies and Attorneys that of whom we are engaging with to conduct settlements. Within the past few years, there ...

  • Profile Picture

    Insurance Industry: Reinsurer Oversight

    This message was posted by a user wishing to remain anonymous Thinking about Reinsurers in the Insurance Industry – does anyone have advice on how to structure an oversight framework for Reinsurers? Is this different than for a typical Third Party or ...

    1 person likes this.
  • Has anyone found a good way to perform financial health monitoring? The service we are using isn't providing useful information on public or private companies. We've found that for the private companies they rely on industry data, which hasn't been relevant. ...

  • Posted in: Risk Assessments

    Hello, When do you know if you should perform a risk assessment on a vendor? How do you know it qualifies/does not qualify as a "vendor"? It feels counterproductive to perform a risk assessment on vendors such as lawn care, snow removal, magazine ...

  • Profile Picture

    Risk assessment

    Posted in: Risk Assessments

    Hi All, Happy New Year! Is there a list of services outsourced by a financial institution which is out of scope for risk assessment like telephone and utility bills,statuatory and regulatory services,softwares and licenses, temp staff hiring? T ...

  • Posted in: Regulations

    Regulatory alert! The OCC, Federal Reserve and related federal regulatory bodies have issued a notice of proposed rulemaking. If implemented the proposed regulations would: 1) define which type of cybersecurity incidents would need to be reported to ...

  • Profile Picture

    Custodian For Fannie Mae Collateral

    This message was posted by a user wishing to remain anonymous Good Afternoon, We are considering adding an additional document Custodian for Fannie Mae Documents. Can anyone provide any guidance how to Vet such a vendor? Since the Vendor is a Bank ...

  • Hi, The SolarWinds hack has impacted approximately 18,000 of its customers (those using the vulnerable versions of the Orion product). Does anyone know if the list of 18,000 potentially impacted customers has been made public? Although my company has ...

  • Are there specific industries or vendors that you exclude from your vendor list or vendor management program, such as utilites, appraisers, FED, etc.?

  • Hello everyone! I'm wondering how you handle due diligence for vendors like, The Federal Home Loan Mortgage Corporation (Freddie Mac). We're thinking it would be very hard to get any type of due diligence from them and leaning towards making them exempt ...