Unanswered

Help Answer the Unanswered Questions
Advise. Network. Collaborate. 

This community provides a space where professionals in the industry can access third party risk management resources, and more importantly, interact with each other through discussion boards. You’re able to network, share stories, ask questions, receive feedback from others to help overcome your own challenges and more. 
  • Hi, The SolarWinds hack has impacted approximately 18,000 of its customers (those using the vulnerable versions of the Orion product). Does anyone know if the list of 18,000 potentially impacted customers has been made public? Although my company has ... More

  • On-Premise vs. Cloud - Risk Assessment Questionnai ...

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Hello. I work for a FinTech company and I am fairly new to vendor risk management. My company has around 200 vendors and we have an initial, general due diligence request form that I want ... More

    3 people like this.
  • Posted in: Risk Assessments

    Does anyone have an Executive Summary that they use with their Risk Assessment template that they are willing to share? Thank you! More

  • Posted in: Regulations

    Last week California voters passed the California Privacy Rights Act, which effectively replaces the existing California Consumer Privacy Act. CPRA has provisions directly pertaining to vendor management, including specific requirements which must be ... More

  • Posted in: Regulations

    Heads up! The Fed, FDIC, and OCC have issued a new interagency paper entitled "Sound Practices to Strengthen Operational Resilience". This guidance does not necessarily expand existing regulations or guidance. Instead, it lists 'sound practices' ... More

    1 person likes this.
  • Posted in: Risk Assessments

    Hi All, How do you classify your managed print services vendor? Thanks for the feedback. More

  • Data Classification

    One of our audit recommendations last year was to expand our policies on data classification. It was recommended that we come up with a way to classify bank's data and information per level of sensitivity and/or impact to the bank should that data be ... More

  • Vendor Diversity Policy

    This message was posted by a user wishing to remain anonymous Does your organization have a vendor diversity policy? If yes, will you share it with the group? More

  • Vendor Diversity Policy

    Do you have a vendor diversity policy? If yes, will you share it? Thanks More

  • Cyber Risk Monitoring

    Is anyone using Cyber Risk Monitoring tools as part of the ongoing monitoring? If so, can you share your monitoring requirements? When alerted to a risk or change in cyber score, what do you do with this information? Do you work with the vendor to identify ... More

    1 person likes this.
  • Quantitative Risk Models

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous We use a qualitative risk model to support our Vendor Management Program (VMP) today. There are various benefits to this but we are considering the use of a quantitative model as well to ... More

    2 people like this.
  • Posted in: Risk Assessments

    We are working on beefing up our enterprise level risk management. That includes working on risk assessing ACTIVITIES versus just the vendor/product. Does anybody else assess risk at an activity level with an actual answered assessment? More

  • Settlement Service Providers, no contractual relat ...

    This message was posted by a user wishing to remain anonymous Non-bank lenders: Do you track in Venminder or perform due diligence of any kind on settlement service providers that you list (but have no contractual relationship with yourself). Thoug ... More

  • vendors and cloud software assessment (AWS)

    This message was posted by a user wishing to remain anonymous As more vendors are hosting software in the cloud, are information security analysts requesting a connection into the vendor's cloud environment? i.e. a connection would allow verification ... More

    1 person likes this.
  • Good Morning Think Tank Members, Curious if anyone has a good slide show/info piece that they can share for the "sales side" of Vendor Requests? Looking for material that will help explain Vendor Management high-level for the sales side of the house ... More

    2 people like this.
  • We currently utilize RSA Archer as our system of record for our Vendor Management Risk Program. Understanding there is an API between Venminder's software and Archer, we are looking to enhance our relationship with Venminder and begin using their software. ... More

    1 person likes this.
  • Compliance Risk

    This message was posted by a user wishing to remain anonymous How does everyone handle Compliance Risk? Our program is designed to identify and assess general Compliance Risk associated with new and existing Third Party engagements. We want to review ... More

  • OCC Bulletin (last week)

    Posted in: Regulations

    The OCC last week issued an updated set of FAQs for the 2013-19 bulletin dealing with TPRM. Even if you are not an OCC regulated institution, they are part of the FFIEC and I have regarded them as the 'thought leaders' among the other agencies on third-party ... More

  • Vendor Security Questionnaires

    Posted in: Exams or Audits

    This message was posted by a user wishing to remain anonymous At my present company we have had issues with new vendor applications/software coming into our environment and not vetted properly which caused an audit finding to be issued by Internal audit. ... More

  • UAE Central Bank regulations for Financial Institu ...

    Posted in: Regulations

    This message was posted by a user wishing to remain anonymous Dear All, could anybody tell me which are regulated activities in a UAE bank as per central bank regulations. If a courier company is onboarded by the bank which does delivery for customer ... More