This message was posted by a user wishing to remain anonymous
Hello,
I am in the process of revamping my bank's vendor management procedures and processes. It is my understanding that a product and service risk assessment is separate from a vendor risk assessment. Is that correct? And if so, would a product and service risk assessment be required across all tiers of vendors?
Also, are both completed at the same time during vendor due diligence?
Any clarifications on the two would be very much appreciated.
Thanks!