Due Diligence and Ongoing Monitoring

 View Only

  • 1.  Third party service providers who perform model validation

    This message was posted by a user wishing to remain anonymous
    Posted 10-18-2022 08:33 AM
    This message was posted by a user wishing to remain anonymous

    Hi All,

    Currently our TPRM does not perform a due diligence on third party service provider who perform model validation tasks for us, since our policy states that auditors and consultants are out of scope. However, I believe we should. 

    My question is to what extend? What information do we request from them? 

    Thank you in advance for your responses.


  • 2.  RE: Third party service providers who perform model validation

    Posted 10-18-2022 03:58 PM

    We just started 3rd Party Service Provider Assessments.  Depending on what they do, especially if they are an MSP, Data Center Provider, developer, etc., they may have access to pretty sensitive information.  The goal is not only how do they protect our information but them following our policies for asset and information protection.

     

    Jamie Sumter

    IT Risk Management Lead

    Clarios

    THIS MESSAGE MAY CONTAIN INFORMATION THAT IS PRIVILEDGED AND CONFIDENTIAL. The information contained in, or attached to, this message is intended solely for the use of the specific person(s) named above. If you are not the intended recipient, then you have received this communication in error and are prohibited from review, retransmission, taking any action in reliance upon, sharing the content of, disseminating or copying this message and any of the attachments in any way. If you have received this communication in error, please contact the sender immediately and promptly delete this message from all types of media and devices. Thank you.

     




    Original Message