Unanswered Questions

  • Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous. Hi, I need some assistance re Contract Mgt policy templates as well as the standards/actions that should be taken during the different phases of a contract: Onboarding, On Going Monitoring, ... More

  • Credit Union Sponsoring Organizations

    This message was posted by a user wishing to remain anonymous. Hello, The following questions are directed to people working for the Credit Unions. Do you perform any due diligence on Sponsoring Organizations? If you do, what information you ask ... More

  • Posted in: Regulations

    Enforcement alert! The OCC has just fined Wells Fargo $250M because of its failure to comply with a 2018 consent order. You may recall that the 2018 order cited deficiencies in Wells Fargo's risk management program. As part of the 2018 order, the OCC ... More

  • Using a GRC Tool for TPRM

    This message was posted by a user wishing to remain anonymous. Does anyone in this community utilize LogicGate as their GRC tool and operate their TPRM program using that system? We are in the early stages of trying to stand up our program and I've run ... More

  • SIG LITE

    Good morning, Does anyone have the most recent SIG / SIG LITE form to share in Excel format? Thanks in advance! More

  • Vendor Risk Security Report

    This message was posted by a user wishing to remain anonymous. Would anyone have a template that they can share in summarizing the vendor's security (control environment) in a report style template (i.e. doc)? More

  • Preferred Vendor Management System?

    This message was posted by a user wishing to remain anonymous. Apologies in advance if this isn't posted in the right place. I'm sure this has been asked before, but I was curious what anyone's recommendations would be for their favorite out-of-the-box ... More

  • Good Afternoon, Currently hiring for an Integrated Risk position covering all risk areas: Vendor Management, Enterprise Risk Management, and Business Continuity. To view the job posting, please click here. Or go to www.midflorida.com and click ... More

  • I am looking for examples of vendor management policies addressing Vendors and IT assets selection criteria during due diligence process. More specifically: What due diligence documents do you request from new vendors? Is it based on the vendor ... More

  • Hi all, wanted to share the below for those who have not yet seen it: Microsoft announced on Tuesday, March 2nd that four zero-day exploits have been discovered. Due to the high impact of these exploits, Microsoft has issued patches outside of its normal ... More

    3 people like this.
  • The Washington State Employment Security Department is back in the news with another breach, this time of its third party data transfer vendor Accellion and a 20-year-old product. Note that they had made a newer product available which ESD had not yet ... More

    2 people like this.
  • Hi, The SolarWinds hack has impacted approximately 18,000 of its customers (those using the vulnerable versions of the Orion product). Does anyone know if the list of 18,000 potentially impacted customers has been made public? Although my company has ... More

  • On-Premise vs. Cloud - Risk Assessment Questionnai ...

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous. Hello. I work for a FinTech company and I am fairly new to vendor risk management. My company has around 200 vendors and we have an initial, general due diligence request form that I want ... More

    3 people like this.
  • Posted in: Risk Assessments

    Does anyone have an Executive Summary that they use with their Risk Assessment template that they are willing to share? Thank you! More

    1 person likes this.
  • Posted in: Regulations

    Last week California voters passed the California Privacy Rights Act, which effectively replaces the existing California Consumer Privacy Act. CPRA has provisions directly pertaining to vendor management, including specific requirements which must be ... More

  • Posted in: Regulations

    Heads up! The Fed, FDIC, and OCC have issued a new interagency paper entitled "Sound Practices to Strengthen Operational Resilience". This guidance does not necessarily expand existing regulations or guidance. Instead, it lists 'sound practices' ... More

    1 person likes this.