Good morning! I like everyone's perspective on this! I agree that checking the contract to determine how data will be stored/returned/handled will be key. For the due diligence monitoring collection and review, I had the following thought ...
We just had a VM audit last month and some recommendations were given to us. What does your policy say about when you change a vendor from active to inactive? This would factor into what you should do. If it was me, I would for sure get ...
I would agree with Cheryl and waive the review. However, given it is a critical/high risk vendor, there is some likelihood that they store some sensitive/NPI data for your company. If that is the case, this may be a good opportunity to review ...
I would just make a note of it and waive the review. The reviews are done so we are sure our data is safe, secure and the vendor is doing well in order to continue the relationship. If you are terminating the relationship, the review is a moot ...
This message was posted by a user wishing to remain anonymous One of our vendors is up for an annual review 30 days before our contract ends. They are rated as high inherent risk and are a critical vendor. Can anyone recommend how to handle ...
Join a community dedicated to an area of third-party risk including contracts, infosec, risk assessments, policies, and more.
Network with others who are running very mature or complex programs at their organizations that require a unique way of thinking.
Meet, connect, and network with other users using the same third-party risk tool as you - get support and share new ideas and best practices.
Download the latest guides, infographics, samples, whitepapers, checklists, and more that can help guide you through best practices on third party risk. Visit Resources
Register and join live webinars to learn current trends and best practices from knowledgeable experts. Free CPE eligible webinars. Register Now
Make sure to sign up to our notification list and be one of the first to know about our self-paced eLearning courses.Get Notified