Check Out Trending Discussions
Network. Collaborate. Connect. 

This community provides a space where professionals in the industry can access third party risk management resources, and more importantly, interact with each other through discussion boards. You’re able to network, share stories, ask questions, receive feedback from others to help overcome your own challenges and more. 

Trending Discussions

  • Insurance coverage

    This message was posted by a user wishing to remain anonymous. Good Afternoon, Looking for guidance on Insurance coverages for vendors. Currently, I am just reviewing that they have coverage and it's not expired. Is there a reference guide that pertains ...

    1 person likes this.
  • Posted in: Risk Assessments

    Good afternoon, I am reviewing our current risk assessment questionnaire and looking for input. Our current questionnaire includes the following question: "The vendor deploys adequate accounting controls which have been deemed Sarbanes–Oxley (SOX) compliant." ...

  • Model Clauses

    Posted in: Contract Management

    Hi, Can anyone recommend a good source for 'model' clause language? I'm not talking about which clauses should be in a contract. Or even the issues which need to be covered in particular clauses. I'm looking for examples of really good clauses. Joe

    1 person likes this.
  • We don't have any subscriptions for monitoring vendors' negative news or whether they're in any regulatory trouble, so we generally do this manually during review time for critical and high-risk vendors only... While I know this isn't often enough, it ...

  • Posted in: Risk Assessments

    Dear All, What are the risks triggered in POS terminal contracts with third parties? As per my knowledge Point of sale Terminal contracts trigger Infosec and Cyber security risks, Business continuity and physical security risks. Will such relationships ...

  • Due Diligence on Regulators

    This message was posted by a user wishing to remain anonymous. I'm curious if you consider your regulator a vendor. If so, what does the due diligence process look like for you?

  • Team Structure

    We're a growing business spanning multiple entity/disciplines and soon to be continents and I wondered if anyone would be happy sharing their Vendor Management team, 3rd party risk and procurement structure. I'm mapping out all the key tasks/areas and ...

    1 person likes this.
  • Hi. One of our vendors was recently acquired by a foreign holding company. Are there any special requirements that I should include in our due diligence reviews now?

    1 person likes this.
  • One of our vendors was recently acquired by another company. This company is private and does not want to share their financial statements, however, they are willing to meet via Zoom to discuss their financials. What questions should I ask them?

  • Good Morning, I have a case where a department in my organisation wants to do a trial on a web application. Do you do due diligence (SOC review etc.) before the trial? After they do the trial? In conjunction with the trial? Regar ...

  • RFP Software

    This message was posted by a user wishing to remain anonymous. Seeking recommendations for RFP software.

  • Posted in: Risk Assessments

    I understand that using a "new technology" poses some inherent risk. But aside from whatever due diligence items are required for an application that is hosting data or connected to our network, what else might need to be or could be considered to mitigate ...

    1 person likes this.
  • 4th Party Vendors

    What is your plan for 4th party vendors on a critical vendor?

  • Does anyone have suggestions for completing site visits during the COVID-19 environment? Any alternative approaches being contemplated?

  • Would you consider a member's list to be non public or public information at a credit union? We have always kept it as our own, but now we are having vendors who need that information. Would you consider the vendors that have to have this information ...

  • Non public personal information

    This message was posted by a user wishing to remain anonymous. If a TPSP only has access to name and address, is that still considered NPPI? Or name and email address?

  • New Vendor Review

    We are currently reviewing our approval process for new vendors and looking for some process improvements to our current procedures; we would like to understand what other financial institutions are doing. Would anyone be open to sharing how you are ...

  • vendors and cloud software assessment (AWS)

    This message was posted by a user wishing to remain anonymous. I have a vendor hosting an application in the cloud and due to the "shared cloud responsibility", I'm wondering if requiring reports (i.e. output of Trusted Advisor, is IAM used?, CloudTrail ...

  • Law Firms

    This message was posted by a user wishing to remain anonymous. How are you addressing law firms? Given law firms and their individual lawyers are subject to binding ethical and legal obligations to maintain the confidentiality of everything they ...

  • Good Morning Think Tank Members, Curious if anyone has a good slide show/info piece that they can share for the "sales side" of Vendor Requests? Looking for material that will help explain Vendor Management high-level for the sales side of the house ...

    2 people like this.