Check Out Trending Discussions
Network. Collaborate. Connect. 

This community provides a space where professionals in the industry can access third-party risk management resources and, more importantly, interact with each other through discussion boards. You can network, share stories, ask questions, receive feedback from others to help overcome your own challenges, and more.

Trending Discussions

  • Posted in: Risk Assessments

    Hello, When do you know if you should perform a risk assessment on a vendor? How do you know it qualifies/does not qualify as a "vendor"? It feels counterproductive to perform a risk assessment on vendors such as lawn care, snow removal, magazine ...

  • Risk assessment

    Posted in: Risk Assessments

    Hi All, Happy New Year! Is there a list of services outsourced by a financial institution which is out of scope for risk assessment like telephone and utility bills, statutory and regulatory services, software and licenses, temp staff hiring? T ...

  • Posted in: Regulations

    Regulatory alert! The OCC, Federal Reserve and related federal regulatory bodies have issued a notice of proposed rulemaking. If implemented the proposed regulations would: 1) define which type of cybersecurity incidents would need to be reported to ...

  • Custodian For Fannie Mae Collateral

    This message was posted by a user wishing to remain anonymous. Good Afternoon, We are considering adding an additional document Custodian for Fannie Mae Documents. Can anyone provide any guidance how to Vet such a vendor? Since the Vendor is a Bank ...

  • Hi, The SolarWinds hack has impacted approximately 18,000 of its customers (those using the vulnerable versions of the Orion product). Does anyone know if the list of 18,000 potentially impacted customers has been made public? Although my company has ...

  • Are there specific industries or vendors that you exclude from your vendor list or vendor management program, such as utilities, appraisers, FED, etc.?

  • Hello everyone! I'm wondering how you handle due diligence for vendors like the Federal Home Loan Mortgage Corporation (Freddie Mac). We're thinking it would be very hard to get any type of due diligence from them and leaning towards making them exempt ...

  • SOC Risk Assessment

    Posted in: Risk Assessments

    Hello, would anyone be willing to share a checklist or document for Risk Assessments of Critical Vendors SOC Reports?

  • Posted in: Contract Management

    Hi all, I'm looking for recommendations on the components of a well-formed disaster recovery clause. I have a few examples, and from what I can tell the more complete ones have the following provisions/requirements: Maintain a plan and procedures ...

  • Posted in: Risk Assessments

    Hello, As we are developing our TPRM program we are looking to get security assessments to our independent agents, who we list as third-parties. We are not going to give them our usual assessment that we give to the rest of our critical/high-risk vendors, ...

  • Insurance coverage

    This message was posted by a user wishing to remain anonymous. Good Afternoon, Looking for guidance on Insurance coverages for vendors. Currently, I am just reviewing that they have coverage and it's not expired. Is there a reference guide that pertains ...

  • Posted in: Risk Assessments

    Good afternoon, I am reviewing our current risk assessment questionnaire and looking for input. Our current questionnaire includes the following question: "The vendor deploys adequate accounting controls which have been deemed Sarbanes–Oxley (SOX) compliant." ...

  • Model Clauses

    Posted in: Contract Management

    Hi, Can anyone recommend a good source for 'model' clause language? I'm not talking about which clauses should be in a contract. Or even the issues which need to be covered in particular clauses. I'm looking for examples of really good clauses. Joe

  • We don't have any subscriptions for monitoring vendors' negative news or whether they're in any regulatory trouble, so we generally do this manually during review time for critical and high-risk vendors only... While I know this isn't often enough, it ...

  • Posted in: Risk Assessments

    Dear All, What are the risks triggered in POS terminal contracts with third parties? As per my knowledge Point of sale Terminal contracts trigger Infosec and Cyber security risks, Business continuity and physical security risks. Will such relationships ...

  • Due Diligence on Regulators

    This message was posted by a user wishing to remain anonymous. I'm curious if you consider your regulator a vendor. If so, what does the due diligence process look like for you?

  • Team Structure

    We're a growing business spanning multiple entity/disciplines and soon to be continents and I wondered if anyone would be happy sharing their Vendor Management team, 3rd party risk and procurement structure. I'm mapping out all the key tasks/areas and ...

  • Hi. One of our vendors was recently acquired by a foreign holding company. Are there any special requirements that I should include in our due diligence reviews now?

  • One of our vendors was recently acquired by another company. This company is private and does not want to share their financial statements, however, they are willing to meet via Zoom to discuss their financials. What questions should I ask them?

  • Good Morning, I have a case where a department in my organisation wants to do a trial on a web application. Do you do due diligence (SOC review, etc.) before the trial? After they do the trial? In conjunction with the trial? Regar ...