Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • July 2024 Vendor Management News

    yesterday
    Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.

  • 6 Items to Negotiate Into Your Vendor Contracts

    2 days ago
    Learning how to successfully negotiate a vendor contract is a valuable skill to include in your vendor risk management (VRM) program. Vendor contract negotiation is designed to create a mutually beneficial relationship between both parties, while also protecting your organization from vendor risk.

  • Vendor Risk Management Requirements of NERC CIP-013-1

    9 days ago
    Energy organizations rely on complex supply chains worldwide, which can expose them to third-party cyberattacks and data breaches. It's crucial to identify, assess, mitigate, and manage the cybersecurity risks associated with third-party suppliers . To that end, the North American Electric Reliability Corporation (NERC) has established standard CIP-013-1 Cyber Security – Supply Chain Risk Management to protect energy organizations from cyberattacks.

  • The Finer Points of a Third-Party Vendor's SOC 2 Report

    10 days ago
    Technology vendors, such as data centers, cloud service providers, and credit card processors, must be assessed as part of an organization’s overall third-party risk management (TPRM) program. A third-party vendor’s SOC 2 report is an essential due diligence element that reveals details about a vendor’s control environment related to one or more of the five Trust Services Criteria – security, availability, processing integrity, confidentiality, and privacy.

  • Key Takeaways from the Basel Committee’s 12 Principles for Managing Third-Party Risks

    11 days ago
    On July 9, 2024, the Basel Committee on Banking Supervision (BCBS) released their proposed consultative document, Principles for the Sound Management of Third-Party Risk , intended for large, internationally active banks and their prudential supervisors, as well as smaller banks and authorities in all member countries. The principles create a common baseline for managing third-party risks, while allowing flexibility to accommodate evolving practices and regulatory frameworks.

  • Benefits and Tips of Vendor and Third-Party Risk Management KPIs

    16 days ago
    If you’ve ever been intentional about setting personal or professional goals, you may be familiar with the criteria known as S.M.A.R.T. Specific, measurable, achievable, relevant, and time-bound goals are more likely to be achieved than those which are vague, unrealistic, and open-ended. Measuring goals is particularly important because it provides concrete data on the progress made towards your objectives.

  • How the Real Estate Industry Can Mitigate Vendor Risk

    17 days ago
    Commercial real estate brokers face a significant concern when it comes to third-party relationships – vendor risk. Given the industry's nature, brokers often rely on various vendors, such as real estate appraisers, inspectors, and title companies. These partnerships can expose brokers to potential risks that can jeopardize brokers’ operations, finances, and reputation. A well-designed vendor risk management (VRM) program is crucial for commercial real estate brokers to safeguard against these inherent risks.

  • Signs Your Third-Party Risk Management Program Needs Independence

    23 days ago
    The concept of independence has been a significant aspect of human history and culture. It pertains to the ability of individuals or groups to make their own decisions and act freely, without being influenced or controlled by others. In July, we often commemorate the courageous actions taken by people in history to gain their independence. The signing of the Declaration of Independence in the U.S. and the storming of the Bastille in France are two examples of such events that were born out of a desire to break free from oppressive rule and achieve self-determination.

  • June 2024 Vendor Management News

    29 days ago
    Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.

  • Best Third-Party Risk Management Platform Features

    one month ago
    Third-party risk management (TPRM) involves a wide range of activities, tasks, and stakeholders to identify, assess, mitigate, and monitor the risks associated with third-party relationships. This includes conducting risk assessments, due diligence, reviewing third-party documentation , contract reviews, monitoring, and periodically re-evaluating the relationship. Many organizations have turned to third-party risk management software platforms to help organize and streamline the workload. While these platforms can offer invaluable resources and features, selecting the right one for your organization can be challenging.

  • Meeting HIPAA Third-Party Risk Requirements

    one month ago
    Certain industries, like finance and healthcare, are at a higher risk of data breaches because they deal with vast amounts of sensitive information. While the finance industry has its own standards for protecting consumer data, healthcare organizations must follow expectations outlined in the Health Insurance Portability and Accountability Act (HIPAA) .

  • Cloud Service Provider Breach: Lessons From the Snowflake Attack

    one month ago
    If your organization relies on a cloud service provider (CSP), the recent Snowflake data breach has likely created significant concern. As many as 165 Snowflake customers have been impacted by the data breach, which may include hundreds of millions of personal records. Even if your organization wasn’t directly impacted by the breach, it’s important to take note of the incident and consider whether your third-party risk management (TPRM) program is prepared to respond. This involves ensuring that your third-party CSPs are following best practices to keep data safe and secure.

  • Agencies Release Third-Party Risk Management Guide for Community Banks

    one month ago
    When the Interagency Guidance on Third-Party Relationships: Risk Management was released in 2023, financial institutions of all sizes were given a framework for building a compliant third-party risk management (TPRM) program. Smaller organizations, like community banks, often have fewer resources to meet regulatory expectations, which can create unique challenges in TPRM compliance.

  • What to Include in Vendor Contract Templates

    one month ago
    Onboarding a new vendor can be a lengthy process, especially when you consider all the work that goes into contract management, such as negotiating the terms and reviewing service level agreements (SLAs) . Many organizations choose to streamline this process by using vendor contract templates that can be customized for various third-party relationships.

  • Third-Party Risk Management Metrics for Cloud Service Providers

    one month ago
    Cloud service providers (CSPs), also known as cloud vendors, are quickly becoming the norm in today’s business world. Many organizations are using CSPs to gain a competitive advantage and further their goals around innovation, while others are growing more reliant on this technology for their daily operations. In fact, Gartner predicted that cloud platforms will be considered a business necessity for most enterprises by 2028.
More