Unanswered Questions

This message was posted by a user wishing to remain anonymous Hi everyone, does anyone have a list of questions or checklist, I can use to evaluate a Forensic vendor? Thanks. More

This message was posted by a user wishing to remain anonymous Hi, For small/medium sized businesses in Europe with very immature TPRM program in place, and no or limited resources/automation, I'd be interested in understanding how you perform due ... More

This message was posted by a user wishing to remain anonymous Has anyone worked on centralizing third-party inventory across multiple systems of record-especially in preparation for a regulatory data inventory request? How did you approach it, and what ... More

This message was posted by a user wishing to remain anonymous Please is anyone willing to share the Key Risk Indicators (KRIs) they use-particularly those reported to leadership-to evaluate the effectiveness of their Third Party Risk Management (TPRM) ... More

This message was posted by a user wishing to remain anonymous Is anyone willing to share their ongoing monitoring procedures. I am in the process of creating them, I started with Initiate the review by retrieving ongoing monitoring schedule and filtering ... More

This message was posted by a user wishing to remain anonymous Would anyone be willing to share their ongoing monitoring template for third parties? More

Good afternoon, We are launching a new program where we partner with various types of merchants to offer financing to their customers. Most are home-related (roofers, flooring, pools, HVAC) but we could expand to other areas over time. Is anyone ... More

This message was posted by a user wishing to remain anonymous We currently use Permission Assist (formerly a Sycorr product but they were recently acquired by SMA Technology/Continuous) for user access reviews. I found out today that starting at our ... More

With the many individual state privacy laws enacted that we need to ensure vendors are abiding by, I am looking for any best practices that anyone is using within the venminder platform to track their vendors to confirm they are abiding by them. In the ... More

This message was posted by a user wishing to remain anonymous Is anyone willing to share their ongoing monitoring list of documentation for consumer compliance risk? More

This message was posted by a user wishing to remain anonymous My company is expanding their current services to include banking services that would benefit our client base. (think HELOC pool purchases and portfolio lending) My TPRM program is geared ... More

Hello everyone - As a TPRM team we have always performed our own search via Secretary of State for the applicable state of each of our vendors. This cost is beginning to add up as most are registered in Delaware plus the added time it takes to search ... More

This message was posted by a user wishing to remain anonymous For those in the mortgage lending space, how do you handle due diligence for Third Party Service Providers & Leadshare Agreements. Does it roll up to Vendor Mgt team or a different team? ... More

This message was posted by a user wishing to remain anonymous We're moving to a new TPRM tool and taking the time to adjust our risk questionnaire. We prefer if a third-party provides SOC 2 Type II or ISO 27001, but for those who do not have either, ... More

This message was posted by a user wishing to remain anonymous Hello everyone, What metrics are you all tracking for law firms in your high-level reporting? Trying to figure out what would be most useful beyond inherent right or due diligence status. ... More

This message was posted by a user wishing to remain anonymous Is this impacting/changing anything you are collecting from or asking from the vendor? We already check against OFAC, SAM, HUD, and FHFA suspended counterparty lists (as applicable) and ... More

Hi, I'm looking to see if any organization is willing to share a redacted exit plan. My organization is developing exit plans for critical vendors and we're looking to see what others have done. More

Has anyone successfully negotiated a price hold clause within a SaaS agreement and are willing to share the language? More

This message was posted by a user wishing to remain anonymous Hi Community Members, I'm stepping into a new vendor oversight role managing Medicaid/Medicare supplemental vendors - such as behavioral health, dental, and vision - and I'm building ... More

This message was posted by a user wishing to remain anonymous Interested to see how plug-in apps to Salesforce or other vendors that have no data share and provided basically as a subscription based fee are handled in TPRM programs. Do others include ... More