Good Morning all,
I need the community's opinion on a vendor criticality.
We are a financial institution and one of our vendors
I am trying to figure out if we should consider them a Critical vendor. We use a very similar definition as Venminder. Which is:
I want to know how other FI classify wire transfers, and why.
Are those the only questions you're asking to determine the criticality of a vendor? If so, it may help to add if that vendor will have access to non-public information and/or if that vendor will have access to your customer/member data; Determine what level of your customer/member will this vendor have access to and what the cost of breach will be. Your organization will have to determine those metrics. Another question you may want to incorporate is the annual cost with the vendor.
It was medium criticality for us initially, but after further discussion with our stakeholders and based on additional factors, we overrode the criticality to a high rating. This will also allow our organization to initiate ongoing VDD on an annual basis.
We use the same "impact focused" questions to determine criticality.
We do not rate wire transfers as critical. ACH would be an alternative for domestic transfers and our volume in international wire transfers is low - there wouldn't be a significant impact.
Thank you for all the responses.