Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • June 2023 Vendor Management News

    2 days ago
    Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.

  • How to Conduct Effective Third-Party Due Diligence

    3 days ago
    What is third-party due diligence? To begin with, it’s an essential element of managing third-party risk . Well-executed third-party due diligence can help your organization be confident they're entering (or maintaining) a relationship with a legitimate company with a good reputation.

  • Software and Outsourcing Activities Benefit Third-Party Risk Management at Any Maturity Level

    4 days ago
    The third-party risk management (TPRM) process involves the design, development, implementation, and maintenance of a comprehensive framework. This framework often has complex and interdependent processes, with multiple stakeholders . Small TPRM teams and large vendor inventories only add to the complexity and work effort.

  • May 2023 Vendor Management News

    8 days ago
    Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.

  • Unintended Consequences of Declining Vendor Financial Performance

    10 days ago
    Monitoring your vendor’s financial performance is more important than ever. Things like soaring inflation and banking failures are shining a spotlight on economic instability, which can impact your vendor’s financials and ultimately bring more risk to your organization. If you discover that your vendor’s financial health is declining , you may be facing some unintended consequences.

  • Importance of Complementary User Entity Controls for Vendor Relationships

    11 days ago
    Sometimes, third-party risk management (TPRM) professionals can forget that implementing vendor controls is often a two-way process. Vendor controls will have certain objectives that are only achievable through something called complementary user entity controls (CUECs). A good way to think of CUECs is by comparing them to the safety features of a car. Seatbelts are designed and manufactured by the car maker with the objective of protecting drivers and passengers. However, this objective can only be met if the seatbelt is being used correctly. The CUEC in this scenario would be the proper use of the seatbelt.

  • What Is a Third-Party Risk Assessment?

    17 days ago
    You're probably at least somewhat familiar with the activities in third-party risk management. Whether you're collecting due diligence from your vendors or monitoring their performance, there's a lot to do to protect your organization from third-party risk on an ongoing basis.

  • How to Assess Cloud Service Providers

    18 days ago
    Cloud service providers have been around for some time, and many organizations are becoming more reliant on these types of vendors. While cloud technology isn't new, it can be challenging to assess cloud service providers if you don't understand the basics. To help you evaluate cloud providers, let's examine a few key considerations.

  • We’re a Credit Union - Why Worry About the OCC and FDIC?

    19 days ago
    As a credit union employee, you may wonder if OCC and FDIC guidance regarding third-party risk management is relevant to your organization. After all, the National Credit Union Administration (NCUA) already offers third-party risk management (TPRM) guidance such as Letter 07-CU-13 . Is it necessary to stay informed of other regulations that may not apply directly to your specific type of financial institution? The short answer is yes!

  • 5 Takeaways from Canada’s New Third-Party Risk Management OSFI Guidelines

    24 days ago
    Throughout the years, U.S.-based agencies have typically led the way when it comes to third-party risk management (TPRM) regulations. As of May 1, 2023, Canadian Federally Regulated Financial Institutions (FRFIs) are now expected to comply with the TPRM guidelines published by the Office of the Superintendent of Financial Institutions (OSFI). The aptly-titled Third-Party Risk Management Guideline is well-organized and follows many of the same principles that have been previously established by U.S. agencies such as the FDIC and OCC.

  • How to Make Vendor Management Software Worth It

    25 days ago
    Shopping around for the perfect vendor management software can be quite an ordeal. There’s a lot to consider with all the different features, configurability, and pricing that will meet your organization’s needs. Plus, you can’t forget about the expertise and training that will really optimize your vendor management program. A software provider that has subject matter experts on staff will be vital as they assist with your daily questions and due diligence analyses.

  • Red Flags in Critical Vendor SOC Reports

    one month ago
    There are a lot of steps that go into the initial due diligence process and ongoing monitoring of a vendor. One of the first things you’ll do is to request the vendor’s SOC reports, which may include both SOC 1 and SOC 2. Not only do you need these SOC reports from your vendors, but also from your critical subservice organizations , known as your fourth parties. After you receive these reports, it helps to understand some red flags that may indicate potential issues with your vendors.

  • The Failure of First Republic Bank and the Need for Comprehensive Third-Party Risk Management

    one month ago
    On May 1, First Republic Bank became the latest regional bank to fail, following Silicon Valley Bank and Signature Bank, which collapsed less than two months ago.

  • Vendor Data Breach: Next Steps to Take With Your Third Party, Organization, and Customers

    one month ago
    In the world of third-party risk management, vendor data breaches continue to dominate headlines. Healthcare and the financial services industries are frequent targets because of the abundance of sensitive data they handle. However, any organization that uses vendors can be impacted by a data breach and expose consumer data.

  • Seven Benefits of Third-Party Vendor Risk Management for Higher Education Institutions

    one month ago
    Colleges and universities are experiencing a perfect storm of financial issues: less student revenue due to the pandemic, fewer donations due to the economy, funding cuts from state and federal sources, and the lingering threat of inflation and recession. As a result, higher ed administrators are facing unprecedented budget shortfalls and operational challenges. To stay afloat, higher ed institutions are increasingly outsourcing operational functions.
More