Vendor on-site visits can be a useful tool as part of initial due diligence or ongoing monitoring. Each on-site visit will be unique depending on the product or service provided and the controls your organization needs to verify.
This is an interesting question where I would love to hear from other members. In my opinion, Insurance for your organization would likely not be critical or have elevated risk, but should still be within TPRM. Consider baseline Monitoring ...
Enterprise Resource Planning solutions will typically be critical vendors with high risk driven by the companies data involved. The answer is yes, consider the implementation, not just the solution/vendor level of due-diligence. This is because ...
Yes, I'd recommend the following:
Classifications: High. Medium, Low.
Risk Assessment gauges risk across Inherent risk categories include the following: Business Continuity, Compliance, Concentration, Country, Credit, ...
How awesome! I needed that too, thank you Michelle.
Join a community dedicated to an area of third-party risk including contracts, infosec, risk assessments, policies, and more.
Network with others who are running very mature or complex programs at their organizations that require a unique way of thinking.
Meet, connect, and network with other users using the same third-party risk tool as you - get support and share new ideas and best practices.
Download the latest guides, infographics, samples, whitepapers, checklists, and more that can help guide you through best practices on third party risk. Visit Resources
Register and join live webinars to learn current trends and best practices from knowledgeable experts. Free CPE eligible webinars. Register Now
Make sure to sign up to our notification list and be one of the first to know about our self-paced eLearning courses.Get Notified