Risk Assessments

 View Only
  • 1.  HR Vendors e.g. Payroll/Health Ins. Vendors

    This message was posted by a user wishing to remain anonymous
    Posted 11-02-2023 08:24 AM
    This message was posted by a user wishing to remain anonymous

    When considering critical vendors do you also view HR managed vendors such as Payroll and Benefit Insurance companies as critical vendors to the organization.  I am interested in hearing others thoughts on this?



  • 2.  RE: HR Vendors e.g. Payroll/Health Ins. Vendors

    Posted 11-02-2023 08:48 AM

    We do because of the information that these vendors/systems store on our employees and their families.



    ------------------------------
    Brian Bowen
    AllSouth FCU
    ------------------------------



  • 3.  RE: HR Vendors e.g. Payroll/Health Ins. Vendors

    This message was posted by a user wishing to remain anonymous
    Posted 11-02-2023 10:35 AM
    This message was posted by a user wishing to remain anonymous

    I think it depends on how you define critical.  We use risk tiers for the risk level, and Critical is a designation.  In regard to HR systems, we would need to determine the impact on the operation of the firm.  However, since there is NPPI stored in the system, it would be Inherently High risk.




  • 4.  RE: HR Vendors e.g. Payroll/Health Ins. Vendors

    Posted 11-02-2023 11:04 AM

    The organizations that I have worked with have all classified our core payroll manager as a critical service. In addition to the sensitive information they maintain and the vital services they provide to employees, they serve a critical compliance function for the organization as it relates to Human Resources. Disruption of that service would put a huge burden on the organization and could produce residual consequences.