Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Specific Vendor Question

    This message was posted by a user wishing to remain anonymous
    Posted 06-29-2022 03:22 PM
    This message was posted by a user wishing to remain anonymous

    My credit union uses a popular critical vendor known as Jack Henry. Under Jack Henry we have 53 products we use with them. Each product has its own vendor owner and each product risk rating. However, one of our executives is the vendor owner for Jack Henry in its entirety. We do not like how this vendor is set up in Venminder and I would like any suggestions on a different way to set it up so that each product is In its own individual file. Also the documents on the vendor as a whole are not organized and half the products are tagged in a soc 1 2020 report and half are in a Soc 2 2020 report. but I found out really whomever uploaded these never knew which product the socs and other due diligence specifically covered so she just tagged random vendors. Can someone offer some great advice

  • 2.  RE: Specific Vendor Question

    Posted 06-29-2022 04:29 PM

    Our VM Software system has a field for "Parent Company" When we have separate products/owners/documents, etc. We would load them as a separate vendor in their own right, and then list the parent company. I haven't used that feature yet, as I'm still learning, but it seems like a good option. Do you have anything like that in your system?


  • 3.  RE: Specific Vendor Question

    Posted 06-30-2022 08:43 AM

    I work for a CU that also uses JHA. When you say that you want each product to be its own individual file, are you thinking along the lines of each product has it's own separate Vendor page? If so, the only thing I could think of would be to change the name of the Vendor to something unique, like "Jack Henry - Banno" and then have the product "Banno" - although I don't know that I could personally recommend this and not sure what adverse effects it would have, if any. We do not have nearly 53 products with them, so I sympathize with your circumstance! 

    Regarding the latter portion, you may already be aware of this, but JHA has a pretty robust client portal where you can get all manner of due diligence documents such as SOC reports, incident reports, sample insurance, etc. If you don't already have access to this, I would highly recommend reaching out to your point person (perhaps the executive mentioned below or a member of your IT department) to gain access. 

    Hope this helps, I am a bit of a novice myself! :)

  • 4.  RE: Specific Vendor Question

    Posted 06-30-2022 09:45 AM
    Proper vendor and product setup is a common topic we discuss with our clients, so please know that your questions are in great company! Jackson's recommendation is one way you could handle your predicament, however, we would love to explore all options with you to ensure you're comfortable and satisfied with the outcome. Reach out to your dedicated Customer Success Manager or our Customer Support team for expert advice and guidance. We're here and would love to walk through this with you!