Trending

Check Out Trending Discussions
Network. Collaborate. Connect. 

This community provides a space where professionals in the industry can access third party risk management resources, and more importantly, interact with each other through discussion boards. You’re able to network, share stories, ask questions, receive feedback from others to help overcome your own challenges and more. 

Trending Discussions

  • Profile Picture

    Law Firms

    This message was posted by a user wishing to remain anonymous How are you addressing law firms? Given law firms and their individual lawyers are subject to binding ethical and legal obligations to maintain the confidentiality of everything they ...

  • Good Morning Think Tank Members, Curious if anyone has a good slide show/info piece that they can share for the "sales side" of Vendor Requests? Looking for material that will help explain Vendor Management high-level for the sales side of the house ...

    2 people like this.
  • Profile Picture

    Cost of Data Breach or Unplanned Outages

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous ​Has anyone started implementing cost analysis in there assessments specifically in relation to the cost of data breaches or unplanned outages. I'm wondering if anyone one has formulas or ...

  • Profile Picture

    Retention

    This is a two part question: 1, how long do you keep cancelled vendor information? Is it something that should be put in the basement and left forever or is there a set amount of time that we need to keep them? 2, On current vendors, how long do you ...

  • Posted in: Risk Assessments

    My Credit Union is in the process of further developing our vendor management program. I'm looking to the community to share what they use for Risk Assessment questions. I've found a lot of guidance when it comes to risk assessments but nothing with ...

  • Posted in: Reporting

    What are you doing, if anything, regarding the Corona-virus outbreak as far as vendor management goes?

  • Profile Picture

    CIS Controls questionnaire

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous I am looking for a questionnaire to use based off of the CIS controls. Does know if such a questionnaire exists? Thanks

  • Profile Picture

    UDAAP Compliance

    Posted in: Regulations

    This message was posted by a user wishing to remain anonymous What do you all do to ensure you're complying with "abusive" in UDAAP? How do you incorporate it into your ongoing monitoring?

  • Profile Picture

    Vendor Code of Conduct

    This message was posted by a user wishing to remain anonymous We currently have a Vendor Code of Conduct that presents itself to the vendor prior to entering our vendor management tool. There is nothing that is asked or required in the Code that a reasonable, ...

  • Profile Picture

    Vendor Risk Definition

    Can you share a definition of Vendor Risk that you are madly in love with?

  • Profile Picture

    Data Feeds to Financial Institutions

    This message was posted by a user wishing to remain anonymous ​​I work for a brokerage service. Our firm offers data feeds of our broker customers to financial institutions (i.e., banks, credit unions). These are common customers between the two organizations. ...

  • Profile Picture

    Ongoing Due Diligence

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous I work for a Credit Union that is $2.5 Billion, we have over 300 employees and 19 branches. I'm looking for guidance from places similar in size. I am new to Vendor Management and my department ...

    1 person likes this.
  • ​What additional due diligence should be conducted on a foreign vendor? I know it depends on their significance rating with the bank. Are there specific documents we should request?.

  • I am interested in finding out if anyone has developed an incident report that you use when a third-party has reported to you that a cyberattack/data breach has hit their systems? Is there a checklist you use to ensure that they have communicated to ...

  • We are about to rebuild from scratch our entire set of due diligence onboarding documents. None are yet completed, but I thought I would share how we are going about it. We are asking each key stakeholder, "what is important to YOU?" At least this way ...

  • Posted in: Reporting

    ​ Re Colleen Jewell-Suiter's post: Interesting. I have never received the "note to be disclosed to the board" you provided. When I request and receive an IT-ROE from the OCC, the following statement is included in the email: This ROE remains ...

  • Posted in: Risk Assessments

    Currently my Company uses BitSight to help with vetting vendors along with the documentation that we request from them. ​I am wondering what tools/websites that most use to vet or find out information on a particular Vendor.

  • Profile Picture

    RE: SOC Reports Q&A

    Has anyone found a SOC review template/form that their auditors seem to like?

    1 person likes this.
  • Posted in: Contract Management

    Seeking some advice before signing a contract with a vendor who I don't believe we should do business with! The board is ultimately responsible for our third parties and if our risk committee disagrees with me then it goes to the board for review. One ...

  • In my program - we include any and all vendors/suppliers that receive payment in exchange for goods and services. The initial on-boarding is very quick so any vendor that exposes us to little or no risk, ie the florist, is quickly identified as an approved ...

    2 people like this.