Due Diligence and Ongoing Monitoring

Hello,

I need to review the risk ratings of the Marketing vendors at my financial institution. A few have a limited amount of PII like names, emails and addresses. They are currently rated as low risk, but I am unsure if a combination of PII like name, email and address tips them over to a higher risk rating. I would like to know how other financial institutions or companies risk rate their marketing vendors? Also, what amount or combination of PII does a vendor need to have for them to be considered high risk or GLBA? Thank you.

This message was posted by a user wishing to remain anonymous

I am fairly new to using the platform, but we are currently listing such vendors as medium risk.  with the PII as an individual rating, like what you mentioned, rates as high but once all risks are weighed we see the vendor A happy medium between the low/high if you will.