A vendor's criticality and risk rating are two different things, but they often get used interchangeably. We'll clarify the difference between them.
A vendor risk assessment should be performed on a third-party vendor in order to properly assess and determine the risk posed to your organization. This should be done during both the vendor [...]
At a conference we attended this year, one presenter represented a global bank and was responsible for global third party risk. He and his team were responsible for performing both assessments via
The vendor risk assessment is a crucial step in the vendor vetting and ongoing monitoring due diligence phases. The assessment will give you a better understanding of the risk posed by each [...]
From a best-practices perspective, did you know there is a distinct difference between a critical vendor and a high-risk vendor? It’s common to see these two vendor types grouped as one; however [...]
I was asked at a speaking engagement what I felt was the most difficult part of third party risk management. My answer, quite cumbrous, was “all of it”.
Writing a risk assessment document for the first time or the thousandth time can be a daunting task. People often struggle with how much there is to consider.
So, let’s narrow the focus and go [...]
The optimist sees the glass as half full; the pessimist sees the glass as half empty; the engineer sees a waste of too much glass; the compliance officer sees it as potential shattering and [...]
You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant ADP was compromised by identity thieves, resulting in the loss of tax and salary data.