This message was posted by a user wishing to remain anonymous
We're currently working to refine our Exempt / Out‑of‑Scope vendor definition and governance framework and want to ensure clarity and consistency.
I'm specifically looking for credit union examples that outline:
- How you define Exempt vs. Out‑of‑Scope vendors
- Clear criteria or thresholds used to determine exemption
- Any governance structure (e.g., approvals, documentation, periodic review)
- Common vendor types you consistently treat as exempt or out of scope
If you're willing to share policy language, high‑level frameworks, or practical examples, it would be incredibly helpful as we work toward standardizing our approach.
I appreciate any insights or lessons learned!
-------------------------------------------