Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Stay up-to-date on the latest vendor management news. Not only will you learn something, you may discover something to help your third-party risk management program. Below we've listed some notable articles to check out.
  • Are you new to the world of third-party risk management (TPRM)? Perhaps you work in one area of TPRM, but struggle to understand how all the components work together in this highly complex system of interrelated processes and practices. We’re going to break down the WHO, WHAT and WHY of TPRM, which should give you a solid understanding of some key concepts.
  • A lot plays into a successful vendor risk management program. One must consider many factors including the time devoted, the subject matter experts involved and a thorough understanding of the evolving regulations. At times it can become a laborious task to fully understand all the facets that should be part of your organization’s vendor risk management for the program to thrive.
  • Vendor risk management is a complex system of various processes that must be accomplished by many different roles within an organization. It may seem like only a few individuals are overseeing your vendors, but there are probably many more that are involved in your overall program. Let’s take a look at the roles and responsibilities that play a part in vendor risk management.
  • Many people consider slavery a sin of the past. Unfortunately, this notion is entirely out of step with reality. The International Labor Organization (ILO) has provided these staggering statistics:
  • In the past, the Federal Reserve Board, FDIC and OCC have each issued their own guidance for their respective supervised banking organizations, including the Board’s 2013 guidance, the FDIC’s 2008 guidance, the OCC’s 2013 guidance, and most recently, a list of 2020 FAQs.
  • An important beginning step when vetting vendors is to rate the risk associated with them. The standard rating system seen is low, moderate and high. You may already be familiar with how to identify high-risk and critical vendors. A simple set of questions can be used to help you determine whether the sudden loss of the vendor would cause a significant disruption to your business operations or customers, which would make it critical, or whether they have access to any sensitive data, which is just one example of a criterion that would make it high risk.
  • Are you confused by the entire concept of SOC (system and organization controls) reporting? You’re not alone. Many people find this type of reporting very confusing, so read on to get a basic understanding of this complex issue.
  • Third-party vendor due diligence is an essential vendor risk management process, not just before you begin a business relationship, but throughout that relationship as well. Due diligence provides your organization the data to validate that the vendor can reasonably mitigate the risks associated with the product or service provided and has a solid reputation. But, the due diligence process is not a “one-and-done” process. Instead, it’s a continuous part of the vendor-risk management lifecycle. Per many regulatory requirements and overall best practices, it should be a standard component in your ongoing monitoring routines.
  • Obtaining and reviewing a vendor’s financials can be a laborious process, as individuals must sift through a large volume of information within a vendor’s financial statements to thoroughly analyze and identify key data points. Once this review and assessment takes place, the focus then shifts to how your team can adequately use the vendor’s financial information/metrics and make further sense of it all within your vendor risk management program.
  • Service level agreements (SLAs) are an important tool in measuring the quality of products or services your vendor provides. SLAs are generally set aside in a document that is separate from the contract (the formal agreement between you and your third-party vendor). While it’s important to remember that the contract and the SLA have different purposes, these two documents should tie together, by reference within each document or by being combined into one document. In fact, incorporating the SLA into your vendor contract is a best practice and the recommended approach to ensure your vendor is meeting your organization’s standards.
  • A third-party vendor is a company or entity with whom you have a written agreement to provide a product or service on behalf of your organization to your customer, or upon whom you rely for a product or service to maintain daily operations. A more general term for third party is vendor. A third party is your organization’s direct vendor, as you have a contract directly with them.
  • Reading up on the latest vendor management news can only help your third-party risk management program. We're here to make it easier than ever! Below we've listed articles that we recommend checking out.
  • Vendor criticality and risk rating are often used interchangeably. But, they're two distinct concepts. It's essential to understand the difference and how each is applied within vendor risk management. Read on to learn more.
  • You may already understand the importance of third-party risk management to your organization. Not only is it a regulatory requirement, but a robust vendor risk management program will better prepare your organization to identify, assess and manage different risk types including compliance, information security, privacy, legal and business continuity. However, maybe you’re still debating whether to invest in vendor risk management software. Read on to discover the benefits that this type of software can bring to your organization.