Unanswered Questions

This message was posted by a user wishing to remain anonymous Hello, our insurance company has suggested that we have our vendors sign a Risk Transfer & Insurance Agreement to further mitigate risk around the vendor not having sufficient insurance coverage.while ... More

Wondering what business/financial intelligence tools you all may use for ongoing monitoring. I've done a bit of research, but what I'm coming up with is mostly from sales perspectives (research)and not from risk/monitoring perspectives. I'm considering ... More

This message was posted by a user wishing to remain anonymous In addition to the standard questions considered regarding criticality (operational disruption, customer impact, etc.), my organization will also consider a vendor critical if the initial ... More

This message was posted by a user wishing to remain anonymous Once an initial w9 is obtained from the vendor should we request one again after a specific year? More

Hello all, Any insights on what criteria to focus on when developing policy and procedures related to vendor prepayment or advance payment to vendor? Thank you very much in advance for your time and guidance. Sincerely, Dee More

This message was posted by a user wishing to remain anonymous I'm wondering if there is any industry standards information that exists surrounding TPRM Staffing Models. I'm interested in seeing things such as "X" number of TPRM and InfoSec Assessors ... More

This message was posted by a user wishing to remain anonymous What do you consider NPI under your vendor management program for a financial institution? More

This message was posted by a user wishing to remain anonymous Our health plan is working on maturing our vendor management program and would appreciate seeing any examples of inherent/residual risk assessments being used by other health plans. Thank ... More

This message was posted by a user wishing to remain anonymous Good Morning, I am reaching out to see if anyone has a contract management checklist that you may be willing to share with me. I just inherited this task and would be grateful for any guidance ... More

Good Afternoon, I'm curious to hear perspectives on how your TPRM program treats third-party technology installed on-premise/on-site, versus a hosted or SaaS type relationship. We designed our risk assessment to elevate the risk of technology engagements ... More

This message was posted by a user wishing to remain anonymous I am looking to upgrade our program and it's documentation. Does anyone have a document template that they are using and would be able to share that indicates if you have either passed or ... More

This message was posted by a user wishing to remain anonymous My company has a need to collect background checks/fingerprinting for nom-domestic SOW workers. We are a financial services firm and are currently manually processing fingerprints. I was wondering ... More

Looking for some assistance..... Does anyone have an example or can describe how they incorporate PCI requirements in their initial risk and significance assessment? Besides the PCI DSS AOC, is there any other due diligence documents that you review ... More

Hello Douglas Frey, I am interested in attending. Thanks! More

Hi Everyone, I work for Delaware North in Buffalo, NY, and we are a private hospitality and food service company focused on airports, parks, sporting events, restaurants, and gaming. I have 23 years of experience in banking and risk, but I'm now developing ... More

Is there anyone in the Scottsdale, AZ or Indianapolis, IN areas that could recommend their cleaning and shred vendors? More

Hi everyone, Hope all well! I remember there was a discussion happened sometime bk for creating a group of Third party risk management professionals from Non Banking sector.If the group is made please can someone add me in it.Thanks! Regards, Paya ... More

This message was posted by a user wishing to remain anonymous Do any of you have a generic template for requesting RFP's? More

Hi All I would like to understand how the below policy can be implemented for Third parties, what is the current practise. https://www.legislation.gov.uk/ukdsi/2015/9780111138847#:~:text=Section%2054%20of%20the%20Modern,by%20the%20Secretary%20of%20State ... More