Hi Leah,
For a vendor that provides online banking and ACH positive pay services, I would suggest starting with something standard like the Standardized Information Gathering (SIG) questionnaire or one from NIST. These will give you a broad understanding of the vendor's overall risk profile in areas such as cybersecurity, IT, data security, and privacy.
From there, you can develop additional questions to ask the vendor that are more specific to the product or service. Here are a few suggestions to consider:
- Does the vendor limit the number of ACH filters or payment rules?
- How often does the vendor perform security testing on its ACH fraud filter?
- What types of authorization alerts does the vendor provide?
- How often does the vendor perform security testing on its alert system?
When developing these questions, you'll also want to consider other attributes that are unique to your organization, such as your risk appetite and your strategic goals or objectives.
I hope these suggestions can help you get started on your own risk assessment, and I'd welcome any feedback from the rest of the community.
Original Message:
Sent: 04-03-2024 03:14 PM
From: Leah Beverly
Subject: Risk Assessment Template Request
Hi everyone,
Can anyone share a risk assessment template for both online banking and ACH Positive Pay?
Thank you very much.