When it comes to third-party risk management, we cannot overstate how important it is to understand who your critical vendors are. For better or worse, they can have a significant impact on your [...]
The short answer is, if you’re doing everything right, it shouldn’t. A good risk management program should already tell you what areas of your organization are most vulnerable to risk. However, [...]
The vendor risk assessment is a very crucial step in the vendor selection and ongoing monitoring due diligence phases. The assessment will give you a better understanding of the risk posed by each [...]
If you’ve worked in third-party risk management for any period of time, you’ve certainly been asked, “Have you done a risk assessment?” It’s a question asked so many times that it has probably [...]
You’re in a predicament. You recently sent your vendor the vendor risk assessment questionnaire not once, not twice but three times and they still haven’t filled it out. To make matters even [...]
Writing a risk assessment document for the first time or the thousandth time can be a daunting task. People often struggle with how much there is to consider.
A vendor risk assessment should be performed on a third party vendor in order to properly assess and determine the risk posed to your organization. This should be done during both the vendor [...]
At a conference we attended this year, one presenter represented a global bank and was responsible for global third party risk. He and his team were responsible for performing both assessments via
From a best practices perspective, did you know there is a distinct difference between a critical vendor and high risk vendor? It’s common to see these two vendor types grouped as one, however [...]
I was asked at a speaking engagement what I felt was the most difficult part of third party risk management. My answer, quite cumbrous, was “all of it”.
The optimist sees the glass as half full; the pessimist sees the glass as half empty; the engineer sees a waste of too much glass; the compliance officer sees it as potential shattering and [...]
You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant, ADP, was compromised by identity thieves, resulting in the loss of tax and salary data.