Latest Blog Articles

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.
  • Cybersecurity incidents, such as data breaches and ransomware attacks, have become increasingly common in recent years. Threat actors from around the globe continue to target a wide range of industries and organizations of all sizes. The consequences of these incidents can range from operational disruptions and reputational damage to legal action and financial loss. Implementing a robust cybersecurity program that follows industry best practices on data protection can help minimize the impact of these incidents.
  • Broker-dealers must comply with strict standards when servicing their clients, according to agencies like the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA). These standards cover key areas, such as recommending securities transactions or investment strategies, safeguarding their clients’ information, and preventing disruptions to critical operations. Third-party risk management (TPRM) has become another important standard for broker-dealers in recent years. Regulations on data breach notifications, cybersecurity, and business continuity planning have all addressed the need for broker-dealers to implement TPRM practices within their operations.
  • Whether you're a business leader or an architect, it's important to realize that constructing anything, whether it's a software program or a physical building, requires the right support structure. This principle also holds true for the development of a third-party risk management (TPRM) framework. Attempting to tackle the task without adequate planning, documentation, or the right components can lead to costly and time-consuming repairs or revisions.
  • The Federal Financial Institutions Examination Council’s (FFIEC) Development and Acquisition booklet within the Information Technology Examination Handbook was updated recently, 20 years after its original release. The new booklet, “Development, Acquisition, and Maintenance,” is a lengthy read, at more than 200 pages long, but a highly valuable resource for third-party risk managers who want a better understanding of examination procedures.
  • For many organizations, one of the most challenging and overlooked areas of third-party risk management (TPRM) is the oversight of vendor contracts. Oftentimes, these agreements go through a minimal process of negotiating and signing, before being filed away until the renewal period. This can lead to increased vendor risks and negative consequences for your organization.
  • An essential component of any critical vendor relationship is understanding how they will respond to and recover from a business-disrupting event, such as a natural disaster, cyber incident, or unplanned staffing shortage. Reviewing a vendor’s business continuity plan (BCP) and disaster recovery plan (DRP) helps ensure your organization isn’t negatively impacted by your vendor’s unpreparedness.
  • One only needs to read the news to understand how crucial third-party risk management (TPRM) is. Given the rise in regulations in the U.S. and internationally, the relentless wave of cyberattacks and data breaches, as well as significant business continuity incidents, like the CrowdStrike outage impacting millions globally, it's clear that the risks associated with third, fourth, and nth parties should receive full attention from an organization's management and board.
  • System and organization controls (SOC) reports are a key component of an effective third-party risk management program. The two most common types of SOC reports, the SOC 1 and SOC 2 reports, are each responsible for covering different aspects of the vendor’s control activities that will affect your organization.
  • Assessing vendor risk is an essential practice for organizations to safeguard themselves and their customers from a wide array of potential threats. Vendor risks encompass operational challenges, cybersecurity vulnerabilities, compliance issues, damage to reputation, and financial hazards, among others. Every vendor engagement carries at least some inherent risks, making it imperative for organizations to diligently identify and evaluate the specific types and levels of risks associated with the goods or services provided by their vendors.
  • Financial services across the world are common targets for cyberattacks, data breaches, and other third-party cyber incidents. To protect organisations and individuals from these growing threats, regulators such as the Australian Prudential Regulation Authority (APRA) have issued standards on information security practices that can be built into third-party risk management (TPRM) programs.
  • This blog was written in collaboration between Venminder and Vendor Centric. Vendor Centric is a trusted Venminder partner and vendor management consultancy that uses a proven framework to support Venminder clients across multiple industries in transforming vendor management from a disjointed set of activities into a holistic, streamlined business function that produces results.
  • Third-party risk management is the process and practice of identifying, assessing, managing, and monitoring the risks posed to your organization and customers through external business relationships. Although the concept of third-party risk management, sometimes referred to as TPRM, may seem straightforward, its execution involves a complex set of interconnected processes and multiple stakeholders.