Unanswered

Help Answer the Unanswered Questions
Advise. Network. Collaborate. 

This community provides a space where professionals in the industry can access third party risk management resources, and more importantly, interact with each other through discussion boards. You’re able to network, share stories, ask questions, receive feedback from others to help overcome your own challenges and more. 
  • Posted in: Risk Assessments

    Hi All, How do you classify your managed print services vendor? Thanks for the feedback. More

  • Profile Picture

    Data Classification

    One of our audit recommendation last year was top expend our policies on data classification. it was recommended that we come up with a way to classify banks data and information per level of sensitivity and/or impact to the bank should that data be ... More

  • Profile Picture

    Vendor Diversity Policy

    This message was posted by a user wishing to remain anonymous Does your organization have a vendor diversity policy? If yes, will you share it with the group? More

  • Profile Picture

    Vendor Diversity Policy

    Do you have a vendor diversity policy? If yes, will you share it? Thanks More

  • Profile Picture

    Cyber Risk Monitoring

    Is anyone using Cyber Risk Monitoring tools as part of the ongoing monitoring? If so, can you share your monitoring requirements? When alerted to a risk or change in cyber score, what do you do with this information? Do you work with the vendor to identify ... More

  • Profile Picture

    Quantitative Risk Models

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous We use a qualitative risk model to support our Vendor Management Program (VMP) today. There are various benefits to this but we are considering the use of a quantitative model as well to ... More

    2 people like this.
  • Posted in: Risk Assessments

    We are working on beefing up our enterprise level risk management. That includes working on risk assessing ACTIVITIES versus just the vendor/product. Does anybody else assess risk at an activity level with an actual answered assessment? More

  • Profile Picture

    Settlement Service Providers, no contractual relat ...

    This message was posted by a user wishing to remain anonymous Non-bank lenders: Do you track in Venminder or perform due diligence of any kind on settlement service providers that you list (but have no contractual relationship with yourself). Thoug ... More

  • Profile Picture

    vendors and cloud software assessment (AWS)

    This message was posted by a user wishing to remain anonymous As more vendors are hosting software in the cloud, are information security analysts requesting for a connection into the vendor's cloud environment? i.e. a connection would allow verification ... More

    1 person likes this.
  • Good Morning Think Tank Members, Curious if anyone has a good slide show/info piece that they can share for the "sales side" of Vendor Requests? Looking for material that will help explain Vendor Management high-level for the sales side of the house ... More

    2 people like this.
  • We currently utilize RSA Archer as our system of record for our Vendor Management Risk Program. Understanding, there is an API between Venminder's software and Archer, we are looking to enhance our relationship with Venminder and begin using their software. ... More

    1 person likes this.
  • Profile Picture

    Compliance Risk

    This message was posted by a user wishing to remain anonymous How does everyone handle Compliance Risk? Our program is designed to identify and assess general Compliance Risk associated with new and existing Third Party engagements. We want to review ... More

  • Profile Picture

    OCC Bulletin (last week)

    Posted in: Regulations

    ​​The OCC last week issued an updated set of FAQs for the 2013-19 bulletin dealing with TPRM. Even if you are not an OCC regulated institution, they are part of the FFIEC and I have regarded them as the 'thought leaders' among the other agencies on third-party ... More

  • Profile Picture

    Vendor Security Questionnaires

    Posted in: Exams or Audits

    This message was posted by a user wishing to remain anonymous ​At my present company we have had issues with new vendor applications/software coming into our environment and not vetted properly which caused a audit finding to be issued by Internal audit. ... More

  • Profile Picture

    Uae Central Bank regulations for Financial Institu ...

    Posted in: Regulations

    This message was posted by a user wishing to remain anonymous Dear All, could anybody tell me which are regulated activities in a UAE bank as per central bank regulations.If a courier company is onboarded by the bank which does delivery for customer ... More

  • Posted in: Regulations

    ​Hi everyone. I wanted to share this link to a recent speech from Federal Reserve Governor Michelle Bowman, in which she talks about how the Fed can help community banks in managing its third parties more efficiently, and also the need to update FRB guidance ... More

    5 people like this.
  • Profile Picture

    Annual Report - overall condition and performance of ...

    This message was posted by a user wishing to remain anonymous Recent audit is asking us to ensure the annual report to the board sufficiently addresses the scope and detail regarding vendor oversight activities. Including overall condition and performance ... More

  • Hi all, we are hiring a vendor management analyst at Banc of California. Job # 20000033 ​or search "vendor." Apply online at https://bancofcal.taleo.net/careersection/ex/jobsearch.ftl?lang=en More

  • Does anyone use Net Promoter Score as a data point for their supply base? Or do you use an internal measure for customer sentiment (e.g. internal users of product/services?​ More

  • Profile Picture

    CIS Controls questionnaire

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous I am looking for a questionnaire to use based off of the CIS controls. Does know if such a questionnaire exists? Thanks More