Contract Management

Hello all,

We are a financial institution and have lease agreements for some of our branch and ATM locations. Within your TPRM or Vendor Management program, do you include these types of relationships as regular vendors and follow typical vendor due diligence processes? Is this a vendor you would consider out of scope or exempt from your process? Thank you.

We are a credit union and we track the contracts in our TPRM software and show them as Exempt (for tracking purposes).  But are looking at other options that can be easier for all parties involved.  Hope this is helpful.

------------------------------
Karen Waterman, CFSA, NCCO, NCRM, CUERME
Enterprise Risk Director
Nusenda Credit Union
------------------------------

Our company is a registered investment adviser. We treat leases for office space (etc.) within our vendor management program because of potential access to PII, our business spaces during the work day etc. (Clean desk policy doesn't guarantee that employees keep confidential materials off their desk.) Another factor is the availability of the office space for usage-less of a factor with remote working, but still important ICO emergency situation where power is out for employees' homes but not at the workspace. (Not saying we'd force people to the office in a severe earthquake, snowstorm, hurricane etc. scenario.)

An analogous situation is this: Does your program include the cloud service providers? Any off-site storage locations for hard copy records? Shredding companies?

Hope this is helpful. Good luck!

Hello,

I'm newer to my company and am not sure the backstory but SAAS, cloud service providers, off-site storage locations for hard copy records, and Shredding companies used to be out of scope for our program. However that is no longer the case and they are now being added to our TPRM program for due diligence and tracking.