This message was posted by a user wishing to remain anonymous
I think it depends on how you define critical. We use risk tiers for the risk level, and Critical is a designation. In regard to HR systems, we would need to determine the impact on the operation of the firm. However, since there is NPPI stored in the system, it would be Inherently High risk.
Original Message:
Sent: 11-02-2023 08:13 AM
From: Anonymous Member
Subject: HR Vendors e.g. Payroll/Health Ins. Vendors
This message was posted by a user wishing to remain anonymous
When considering critical vendors do you also view HR managed vendors such as Payroll and Benefit Insurance companies as critical vendors to the organization. I am interested in hearing others thoughts on this?