Unanswered Questions

This message was posted by a user wishing to remain anonymous Hi! I am new to working for a small company where in some cases of software, maintenance, and equipment purchases that we have to go through Resellers for those needs. We have a few resellers ... More

This message was posted by a user wishing to remain anonymous Hello, <o:p></o:p> As a newer practitioner of TPRM I have a question: <o:p></o:p> We use an e-mail, web security and archiving service vendor that provides cloud computing services ... More

This message was posted by a user wishing to remain anonymous What type of documents should I collect from a third party reseller of IT services. More

This message was posted by a user wishing to remain anonymous Do you have documented exit plans for your vendors? If so, how are you documenting those and what are you including in the documents? We are planning to start with critical vendors and have ... More

Hi Michelle, We outsource the periodic (and sometimes initial) reviews for all of our Critical and some of our Significant vendors each year to the company we use for our ERM Suite, (which includes Vendor Management). They collect and review documentation ... More

With our BaaS opportunities and working with a company based out of Sweden, they have advised that DORA and SOC2 are similar and I am seeking any guidance on this topic from this community. We read that EY consultants met with leaders from the Swedish ... More

Hi all, Could anyone share TPRM escalation matrix template. Which will cover both internal (TPRM team) & external (Vendor) escalation matrix. Thanks in advance. - Srinivasa More

With our BaaS opportunities and working with a company based out of Sweden, they have advised that DORA and SOC2 are similar and I am seeking any guidance on this topic from this community. We read that EY consultants met with leaders from the Swedish ... More

Hello Everyone, In a Value Stream Mapping session and relocation vendors came up. In case you are unfamiliar, these are vendors who reimburse our organization for all or a portion of the closing fees associated with an employee relocating at their ... More

Wondering what business/financial intelligence tools you all may use for ongoing monitoring. I've done a bit of research, but what I'm coming up with is mostly from sales perspectives (research)and not from risk/monitoring perspectives. I'm considering ... More

Hello all, Any insights on what criteria to focus on when developing policy and procedures related to vendor prepayment or advance payment to vendor? Thank you very much in advance for your time and guidance. Sincerely, Dee More

This message was posted by a user wishing to remain anonymous I'm wondering if there is any industry standards information that exists surrounding TPRM Staffing Models. I'm interested in seeing things such as "X" number of TPRM and InfoSec Assessors ... More

This message was posted by a user wishing to remain anonymous What do you consider NPI under your vendor management program for a financial institution? More

This message was posted by a user wishing to remain anonymous Our health plan is working on maturing our vendor management program and would appreciate seeing any examples of inherent/residual risk assessments being used by other health plans. Thank ... More