Due Diligence and Ongoing Monitoring

  • 1.  Remote Services

    This message was posted by a user wishing to remain anonymous
    Posted 21 days ago

    We are potentially bringing on a third party that will provide ATM software upgrades remotely.  This third party will monitor the hardware/software remotely and push software patches/upgrades.  No logical access to our network.  Any guidance on what due diligence to collect or where to start?  



  • 2.  RE: Remote Services

    This message was posted by a user wishing to remain anonymous
    Posted 15 days ago

    We have a vendor that does just what you mentioned, and we have them categorized as Infrastructure. The due diligence that we collect annually on them is:

    o   A review of the contractual terms of the agreement

    o   Financial Analysis

    o   Evidence of Insurance Coverage

    o   Documentation of actions or incidents involving the vendor that could adversely impact the Credit Union, its members, or the vendor's continued ability to meet service level expectations.  (Monitoring reports)

    o   Business Continuity, Disaster Recovery, and associated testing results

    o   Other information deemed appropriate (e.g. SLAs) based on the services provided by the vendor and the associated level of risk.