Skip main navigation (Press Enter).

Risk Assessments

View Only

Ncontracts State of TPRM 2026

Back to discussions

Expand all | Collapse all

Vendor A integration with Vendor B

Anonymous Member02-20-2023 07:18 AM

This message was posted by a user wishing to remain anonymous I'm not sure if TPRM should be informed ...

Aaron Kirkpatrick02-23-2023 01:33 PM

Yes, being notified of a data sharing change would be a part of TPRM's ongoing monitoring practices. ...

1. Vendor A integration with Vendor B

Like
This message was posted by a user wishing to remain anonymous
Posted 02-20-2023 07:18 AM
This message was posted by a user wishing to remain anonymous

I'm not sure if TPRM should be informed here or if it's more for the security team. Are vendors continuously assessed if there's a change with how the vendor is used whether that is the type of data shared with vendor A or data shared/integration between vendor A and vendor B?

I'm particularly curious if the piece about vendor A and vendor B data sharing/integration should be part of TPRM's risk assessment. Appreciate your insights
2. RE: Vendor A integration with Vendor B

Like
Aaron Kirkpatrick
Posted 02-23-2023 01:33 PM
Yes, being notified of a data sharing change would be a part of TPRM's ongoing monitoring practices. The next step would be to assess what the change is and the impacts of that change. For example, if the change includes one of the vendors processing or storing a more sensitive class of data, an updated risk assessment should be performed and additional due diligence may be required, which is where the Security team may also be consulted. This is how I would handle this scenario, but I'd like to hear how others may handle it.

Powered by Higher Logic

Global message icon