Unanswered Questions

Help Answer the Unanswered Questions
Advise. Network. Collaborate. 

This community provides a space where professionals in the industry can access third party risk management resources, and more importantly, interact with each other through discussion boards. You’re able to network, share stories, ask questions, receive feedback from others to help overcome your own challenges and more. 
  • Delegation of assessments and approvals

    This message was posted by a user wishing to remain anonymous. We are reevaluating the key roles within the business that support TPRM, specifically: completing internal assessments, reviewing/approving findings (potential issues). On occasion, these ...

  • SIG LITE

    Good morning, Does anyone have the most recent SIG / SIG LITE form to share in Excel format? Thanks in advance!

  • Vendor Risk Security Report

    This message was posted by a user wishing to remain anonymous. Would anyone have a template that they can share for summarizing the vendor's security (control environment) in a report-style template (i.e. doc)?

  • Preferred Vendor Management System?

    This message was posted by a user wishing to remain anonymous. Apologies in advance if this isn't posted in the right place. I'm sure this has been asked before, but I was curious what anyone's recommendations would be for their favorite out-of-the-box ...

  • Good Afternoon, Currently hiring for an Integrated Risk position covering all risk areas: Vendor Management, Enterprise Risk Management, and Business Continuity. To view the job posting, please click here. Or go to www.midflorida.com and click ...

  • I am looking for examples of vendor management policies addressing Vendors and IT assets selection criteria during due diligence process. More specifically: What due diligence documents do you request from new vendors? Is it based on the vendor ...

  • Hi all, wanted to share the below for those who have not yet seen it: Microsoft announced on Tuesday, March 2nd that four zero-day exploits have been discovered. Due to the high impact of these exploits, Microsoft has issued patches outside of its normal ...

    3 people like this.
  • The Washington State Employment Security Department is back in the news with another breach, this time of its third party data transfer vendor Accellion and a 20-year-old product. Note that they had made a newer product available which ESD had not yet ...

    2 people like this.
  • Hi, The SolarWinds hack has impacted approximately 18,000 of its customers (those using the vulnerable versions of the Orion product). Does anyone know if the list of 18,000 potentially impacted customers has been made public? Although my company has ...

  • On-Premise vs. Cloud - Risk Assessment Questionnai ...

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous. Hello. I work for a FinTech company and I am fairly new to vendor risk management. My company has around 200 vendors and we have an initial, general due diligence request form that I want ...

    3 people like this.
  • Posted in: Risk Assessments

    Does anyone have an Executive Summary that they use with their Risk Assessment template that they are willing to share? Thank you!

    1 person likes this.
  • Posted in: Regulations

    Last week California voters passed the California Privacy Rights Act, which effectively replaces the existing California Consumer Privacy Act. CPRA has provisions directly pertaining to vendor management, including specific requirements which must be ...

  • Posted in: Regulations

    Heads up! The Fed, FDIC, and OCC have issued a new interagency paper entitled "Sound Practices to Strengthen Operational Resilience". This guidance does not necessarily expand existing regulations or guidance. Instead, it lists 'sound practices' ...

    1 person likes this.
  • Posted in: Risk Assessments

    Hi All, How do you classify your managed print services vendor? Thanks for the feedback.