Unanswered Questions

  • Profile Picture

    Supplier Risk Assessment

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Hi All, I'm looking for best practices to what other organizations do to assess supplier risk around technology, people, service, change management, the supplier ... More

    2 people like this.
  • This subset of third party relationships came to my attention and I'm still preforming discovery on the details. If your institution is involved in this sort of activity with SBA deals, I'd be interested in your approach regarding SBA-CDCs. Inventoried ... More

  • Profile Picture

    Credit Union Sponsoring Organizations

    This message was posted by a user wishing to remain anonymous ​​Hello, The following questions are directed to people working for the Credit Unions. Do you perform any due diligence on Sponsoring Organizations. If you do, what information you ask ... More

  • Posted in: Regulations

    Enforcement alert! The OCC has just fined Wells Fargo $250M because of its failure to comply with a 2018 consent order. You may recall that the 2018 order cited deficiencies in Wells Fargo's risk management program. As part of the 2018 order, the OCC ... More

  • Profile Picture

    Using a GRC Tool for TPRM

    This message was posted by a user wishing to remain anonymous Does anyone in this community utilize LogicGate as their GRC tool and operate their TPRM program using that system? We are in the early stages of trying to stand up our program and I've run ... More

  • Profile Picture


    Good morning, Does anyone have the most recent SIG / SIG LITE form to share in Excel format? Thanks in advance! More

  • Profile Picture

    Vendor Risk Security Report

    This message was posted by a user wishing to remain anonymous Would any have a template that they can share in summarizing the vendor's security (control environment) in a report style template (i.e. doc)? More

  • Profile Picture

    Preferred Vendor Management System?

    This message was posted by a user wishing to remain anonymous Apologies in advance if this isn't posted in the right place. I'm sure this has been asked before, but I was curious what anyone's recommendations would be for their favorite out-of-the-box ... More

  • Good Afternoon, Currently hiring for a for a Integrated Risk position covering all risk areas: Vendor Management, Enterprise Risk Management, and Business Continuity. To view the job posting, please click here. Or go to www.midflorida.com and click ... More

  • I am looking for examples of vendor management policies addressing Vendors and IT assets selection criteria during due diligence process. More specifically: What due diligence documents do you request from new vendors ? is it based on the vendor ... More

  • Hi all, wanted to share the below for those who have not yet seen it: Microsoft announced on Tuesday, March 2nd that four zero-day exploits have been discovered. Due to the high impact of these exploits, Microsoft has issued patches outside of its normal ... More

    3 people like this.
  • The Washington State Employment Security Department is back in the news with another breach, this time of its third party data transfer vendor Accelion and a 20-year old product. Note that they had made a newer product available which ESD had not yet ... More

    2 people like this.