Information Security

 View Only
  • 1.  SME Reviewer

    This message was posted by a user wishing to remain anonymous
    Posted 02-21-2023 03:07 PM
    This message was posted by a user wishing to remain anonymous

    Does anyone utilize a vendor to perform the information security portion of vendor reassessments? I work at a small FI and we do not have an information security team to review the SOC 2 and info sec policies. 

    We are not satisfied with our current vendor and would love to hear from others who are in the same boat. 

    Thank you,

    Mike



  • 2.  RE: SME Reviewer

    Posted 02-22-2023 04:35 PM

    We contract with Quantivate to assist with our Critical and some of the Significant reviews. They assess the risk in 11 different areas. Not sure if they would only complete the IS portion, but you could check?

     

     

    Cheryl Turner, CRVPM II

    Vendor Manager

     

     

     



    Does anyone utilize a vendor to perform the information security portion of vendor reassessments? I work at a small FI and we do not have an information security team to review the SOC 2 and info sec policies. 

    We are not satisfied with our current vendor and would love to hear from others who are in the same boat. 

    Thank you,

    Mike



  • 3.  RE: SME Reviewer

    Posted 02-22-2023 04:59 PM

    Thanks for your post Cheryl Turner.  I'm starting to look at other vendor options that can perform Compliance, BCP, Privacy and Info Sec risk assessments.   




  • 4.  RE: SME Reviewer

    Posted 02-22-2023 06:30 PM

    Hi Paulo,

     

    I may be able to provide you with some additional information, if you would like. Please email me directly [email has been removed by the Community Manager for privacy reasons. You can message the member directly by clicking their name, which will take you to their member profile for more information.]

     






  • 5.  RE: SME Reviewer

    This message was posted by a user wishing to remain anonymous
    Posted 02-22-2023 06:29 PM
    This message was posted by a user wishing to remain anonymous

    We have an in-house InfoSec team that reviews SOCs, but we have utilized Venminder's SOC assessment in the past. You can elect to have the assessment done using the Venminder Exchange function.