This message was posted by a user wishing to remain anonymous
Good afternoon,
Are those the only questions you're asking to determine the criticality of a vendor? If so, it may help to add if that vendor will have access to non-public information and/or if that vendor will have access to your customer/member data; Determine what level of your customer/member will this vendor have access to and what the cost of breach will be. Your organization will have to determine those metrics. Another question you may want to incorporate is the annual cost with the vendor.
It was medium criticality for us initially, but after further discussion with our stakeholders and based on additional factors, we overrode the criticality to a high rating. This will also allow our organization to initiate ongoing VDD on an annual basis.
Original Message:
Sent: 07-17-2023 02:13 PM
From: Anonymous Member
Subject: Critical Vendor
This message was posted by a user wishing to remain anonymous
Good Morning all,
I need the community's opinion on a vendor criticality.
We are a financial institution and one of our vendors
I am trying to figure out if we should consider them a Critical vendor. We use a very similar definition as Venminder. Which is:
- Suppose there was a significant third-party vendor failure. Would the sudden loss of this third party cause significant disruption to your business?
- Would the sudden loss impact your organization's customers?
- If the vendor service is disrupted, would there be a negative impact on your operations if the time to restore service took more than 24 hours?
I want to know how other FI classify wire transfers, and why.
Thanks