Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Cybersecurity threats are a constant and evolving presence in many third-party relationships, so it’s essential to establish a strong partnership with your information security (InfoSec) team, who are the experts when it comes to mitigating these risks. With the right strategy and processes in place, your InfoSec team can play a vital role in strengthening your third-party risk management (TPRM) function.
  • Assessing vendors, or due diligence, is one of the more complex third-party risk management (TPRM) activities. From sending out vendor questionnaires and gathering documents to having suitable risk experts evaluate the vendor's control environment, the process can be long and time-consuming, especially if you manage multiple vendors at once. The good news is that you no longer need to cope with all that work internally.
  • Stay up-to-date on the latest vendor management news. Discover information to help improve or keep your third-party risk management program fresh. Below we've listed some notable articles to check out.
  • Cybersecurity events can include anything from data breaches and zero-day exploits, to phishing and ransomware attacks, which can affect both your organization and your third-party vendor. To protect against various cybersecurity attacks, organizations need to ensure that their vendors maintain documented policies covering areas such as data classification, media sanitization, multi-factor authentication and logical access. Let’s explore some tips on how to manage third-party cybersecurity risk.
  • When thinking about vendor controls in third-party risk management (TPRM), it’s important to remember that it can often be a two-way process. Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and that the user entity (you) must implement to ensure the vendor’s control objectives are accomplished.
  • Vendor reputation risk has changed a lot over the last 10 years. This is largely attributed to the internet and social media, and the fact that terms like “trending” and “viral” have taken on a whole new meaning. When attempting to manage vendor reputation risk, we must acknowledge how vast and immediate its reach really is. A seemingly small issue could quickly transform into a big controversy if associated with the wrong hashtag.
  • In today’s business environment, the risk of a breach occurring at one of your third-party vendors is becoming more and more prevalent, so it’s important to stay on top of how breaches happen, why they can happen and what you can do. Vendor data breaches can come in all shapes and sizes, and they don’t necessarily have the same motives.
  • Well-written vendor contracts are at the core of strong third-party vendor relationships. A vendor contract is a legally binding document used to outline specific duties by each party for a duration of time. Therefore, there are some risks that arise if the contract is poorly written or implemented. While there are several potential risks, we'll review 3 risks we believe pose a particular concern with vendor contracts.
  • One of the primary functions of the third-party risk management lifecycle is to identify a vendor’s inherent risk in order to make informed decisions on how to handle it and ultimately protect the organization. But what exactly is inherent third-party vendor risk, and how can you identify it? Let’s review the basics to gain a better understanding of this important criterion of vendor assessment.
  • Oftentimes, many view the vendor lifecycle within the confines of signing the vendor contract, implementing a vendor product or service and then terminating the contract. However, the contract is only one component of the vendor lifecycle. It’s crucial to consider the steps of managing a vendor throughout the entire relationship with your organization.
  • One of the biggest challenges in establishing a good third-party risk management (TPRM) program is getting the assessment process adopted by the organization as part of new third-party vendor onboarding. This is probably attributed to the fact that the process should truly begin with the individual lines of business or vendor owners, and not with the TPRM managers who own and promote it.
  • As banking customers demand more innovative products and services, community banks continue to see the value of utilizing financial technology (fintech) providers to increase efficiency and reduce costs. In response to this evolving financial landscape, the FDIC, the Federal Reserve Board and the OCC recently released Conducting Due Diligence on Financial Technology Companies - A Guide for Community Banks. Although community banks aren’t required to use this guide, it provides helpful suggestions and the six areas of due diligence to review for fintech companies.
  • During our recent three-day Third-Party Risk Management Bootcamp September 14-16, we had a lot of GREAT questions come in and wanted to compile and share the answers. Below you'll find third-party risk management questions and answers posed during Day 1, Day 2 and Day 3 sessions.
  • Using third-party vendors is a standard business strategy that can benefit an organization in many ways. Whether it's helping to reduce costs, deliver specialized products and services to your customers or supplement existing staff, many third-party vendors have become a vital part of many business operations. Utilizing external vendors often brings rewards but isn’t without risk. To help mitigate the risk, you should have a third-party risk management program in place.