Based on the very limited scope of your question it is difficult to answer than much more than "it depends." Is the software cloud based or running 100% on your servers? Does the software manufacture have access to your network?
If the software is 100% internal and critical to your organization's daily operations, I would recommend it would appear on your Risk Register, not VM. On the otherhand, if the software is cloud based and still critical to your daily operations then the software host/provider would appear in vendor management.
If you provide more detail I think you might get more thorough advice.
------------------------------
Mark Ewert, CPCU, CIC
Director Vendor Management
Penn National Insurance
------------------------------
Original Message:
Sent: 02-17-2023 05:16 PM
From: Anonymous Member
Subject: Softwares with no NPI
This message was posted by a user wishing to remain anonymous
Should software's that we can acess through our work computers but doesn't hold NPI be included in our VMP?