We review SOC 1 reports for suppliers that process financial transactions or provide Tier 1 applications that impact our financial reporting. We review SOC 2 reports for suppliers that have access to our confidential information in their environment, ...
Do you collect SOC 1 and 2 docs for all vendors regardless of risk?
This message was posted by a user wishing to remain anonymous Conduct your analysis and gather your list of the vendors who you feel provide the service of a BCSA, and which ones meet the 'ownership" criteria. Review that list with other ...
"Notwithstanding" in that section does not address the definition of the Bank Service Company. It only further clarifies if the service is formally contracted or not. It does not change the definition of the bank service company. I agree ...
It's still prudent to request and review financials. Assure the vendor, you are aware they are a start up, however financial viability is just one overall component of the overall due diligence process. Enhance your program to include the residual ...
Join a community dedicated to an area of third-party risk including contracts, infosec, risk assessments, policies, and more.
Network with others who are running very mature or complex programs at their organizations that require a unique way of thinking.
Meet, connect, and network with other users using the same third-party risk tool as you - get support and share new ideas and best practices.
Download the latest guides, infographics, samples, whitepapers, checklists, and more that can help guide you through best practices on third party risk. Visit Resources
Register and join live webinars to learn current trends and best practices from knowledgeable experts. Free CPE eligible webinars. Register Now
Make sure to sign up to our notification list and be one of the first to know about our self-paced eLearning courses.Get Notified