The on site gives us the opportunity to ensure the vendor does adhere and enforce their policies and procedures (clean desk, security/access etc.) As well as the physical security in general. For those vendors who do not share their policies and procedures unless viewed on site- then we go there to conduct a review of them and tour the location. The tour allows us to see the work being done in many cases so we can assess the condition of the workspace as well as see who is doing the work. We use the visit as the opportunity to evaluate the leadership of the vendor in all areas of significance for us such as: HR, IT, Training, Operations, Compliance, Vendor Management, Risk and Security where we are able to get assurance that they all have the level of competence we would expect from a critical vendor. We can shadow processes the vendor does for us as well which can be assuring or open the door for risks or concerns depending on the situation.
------------------------------
Jenn Wilkinson
Vice President
Third Party Risk Management
Cenlar FSB
------------------------------
Original Message:
Sent: 04-18-2024 08:45 AM
From: Wendy Dickson
Subject: Physical Site Visits of High Risk Vendors
We also discontinued onsite assessments during Covid and are re-evaluating. We are trying to fully understand what value the onsites would provide outside of the third-party datacenter. Can you provide some additional details on what you're looking at during the onsites outside of the datacenter controls and possibly other physical controls, such as building access, cameras, etc?
------------------------------
Wendy Dickson
Third Party Risk Manager
Original Message:
Sent: 04-18-2024 08:02 AM
From: Jennifer Wilkinson
Subject: Physical Site Visits of High Risk Vendors
Hi Lori-
We had stopped site visits during COVID and were doing some reviews with a virtual walk through. Our regulator in 2023 strongly suggested that we evaluate resumption of visits where it made sense in 2024. So we are doing site visits for multiple critical vendors this year. I know some shops that took their travel allotments out of their budgets and now they are fighting to get it back. I did not have that problem- thank goodness! Good Luck!
------------------------------
Jenn Wilkinson
Vice President
Third Party Risk Management
Cenlar FSB
jwilkinson@cenlar.com
Original Message:
Sent: 04-17-2024 01:18 PM
From: Lori Collins
Subject: Physical Site Visits of High Risk Vendors
Good Afternoon,
Does anyone do physical site visits of their high-risk vendors?
Really curious how many actually do this. Thanks in advance for answering!
Lori Collins, NCCO, CRVPM II