This message was posted by a user wishing to remain anonymous
We have a vendor that does just what you mentioned, and we have them categorized as Infrastructure. The due diligence that we collect annually on them is:
o A review of the contractual terms of the agreement
o Financial Analysis
o Evidence of Insurance Coverage
o Documentation of actions or incidents involving the vendor that could adversely impact the Credit Union, its members, or the vendor's continued ability to meet service level expectations. (Monitoring reports)
o Business Continuity, Disaster Recovery, and associated testing results
o Other information deemed appropriate (e.g. SLAs) based on the services provided by the vendor and the associated level of risk.
Original Message:
Sent: 11-13-2024 02:24 PM
From: Anonymous Member
Subject: Remote Services
We are potentially bringing on a third party that will provide ATM software upgrades remotely. This third party will monitor the hardware/software remotely and push software patches/upgrades. No logical access to our network. Any guidance on what due diligence to collect or where to start?