Risk Assessments

 View Only
  • 1.  Technology Risk Assessments

    This message was posted by a user wishing to remain anonymous
    Posted 08-09-2024 12:13 PM
    This message was posted by a user wishing to remain anonymous

    Does anyone risk rate the technology products along with risk rating the vendor?  We currently do both.  We complete the risk assessment and due diligence for the vendor and then we also have to risk rate the actual product the vendor is providing us.  I'm curious if anyone else does this?



  • 2.  RE: Technology Risk Assessments

    Posted 08-09-2024 04:43 PM

    Hi,

     

    We complete a technology risk assessment on the product separate from the vendor risk.

     

    Thanks,



    Kelli Shoup | Technology Support Lead/Information Security Specialist



    This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.






  • 3.  RE: Technology Risk Assessments

    Posted 08-11-2024 08:07 AM

    We do inherent risk assessments on every product. If there are multiple products under one vendor, the highest risk score is the one we use at the vendor level.

     

     






  • 4.  RE: Technology Risk Assessments

    Posted 08-11-2024 08:08 AM

    Dear all , 

    this will lead to a relevant inquire once you assess the vendor criticality ( H/M/L ) this means the service provided is the same criticality, on the other hand  we do assess the system criticality as part from risk management . noting that Venminder highlighted the main criteria for vendor criticality one of this the type of this service provided and its impact on the business and bank  .

    regards 

    said 




  • 5.  RE: Technology Risk Assessments

    This message was posted by a user wishing to remain anonymous
    Posted 08-12-2024 02:05 PM
    This message was posted by a user wishing to remain anonymous

    We review all products as part of the vendor assessment. If there are multiple products or new ones coming in, they are given the higher risk of the vendor or the product.