How to Manage Banking as a Service (BaaS) Vendor Risks
You may have encountered the term banking as a service (BaaS), but don’t know precisely what it means or how it relates...
Browse and search through our free resources created by our in-house experts based on industry guidance and best practices to help you build and improve your third-party risk management program.
Venminder’s State of Third-Party Risk Management 2023 whitepaper provides third-party risk management insight and industry statistics to help you make informed program decisions.
vendor management, vendor risk management, data, analyze, results, analysis
Without collaboration, organizations can face many challenges. In the eBook, explore some ways InfoSec and TPRM can proactively partner to benefit both teams.
information security, collaboration, better risk management, collaboration benefits
This infographic covers why the board and senior management should set the "tone-from-the-top", responsibility guidelines, and tips to help you gain support.
Organizational buy-in, vendor owners, vendor managers, board of directors, reporting, data
Learn the necessary actions to comply with Canada's Office of the Superintendent of Financial Institutions (OSFI) final Third-Party Risk Management Guideline B-10.
regulations, governance, compliance, FRFI, federally regulated financial institutions
If your organization doesn't have the right vendor risk management practices, your organization's and customers' data is at risk. To protect data, you must understand how your vendors plan to use it and safeguard it.
data privacy, cybersecurity, information security, lines of defense, third-party risk management lifecycle, documenting, reporting
Tell us how you managed third-party risk in 2023. Have your voice heard in Venminder's complimentary annual whitepaper! Results will be released in January 2024 in Venminder's State of Third-Party Risk Management Whitepaper.
TPRM, vendor risk management
Vendor data breaches will always be unexpected, but it’s possible to anticipate your response, which can minimize the damage to your organization and customers.
cybersecurity, information security, breach notification, data privacy, reputational damage, operational disruptions, cybersecurity posture
It's increasingly common for healthcare organizations to experience a data breach stemming from a business associate. Learn the 6 key steps to prepare your organization for a breach.
data privacy, reputational damage, operational disruptions, breach notification, information security, cybersecurity
Not all of your third-party relationships will end naturally at the end of a contract period. Sometimes, early contract termination is needed, so your organization must be prepared. This eBook outlines the necessary steps.
vendor offboarding, proactive termination, reactive termination, periodic reviews, third-party contracts
An effective third-party risk management program provides many strategic advantages to an organization. One obvious benefit is meeting regulatory requirements, but there's a much broader range of benefits.
SLA, service level agreement, operational advantages, outsourcing
Learn best practices that should be included in your third-party risk management program to ensure you keep your organization protected from data breaches and other cybersecurity incidents.
breach notifications, cyber right to audit, data protection, information security, data privacy, infosec
While technology sophistication is growing, so are the capabilities of hackers. Use this infographic to learn how to build a solid defense against cybersecurity risks.
data breach, information security
Mike Morris talks about the proposed SEC Outsourcing Rule and its impact on vendor risk management. Listen to learn answers to common questions, tips, and suggestions, as well as a general overview of the proposed rule.
regulations, financial services, fintech, guidance, registered investment advisors
This eBook explores how you can articulate the many requirements and benefits for your stakeholders to enhance their understanding and improve their third-party risk management program buy-in.
board reporting, stakeholder buy in, vendor owners, vendor managers, implementing third-party risk management platform, outsourcing
This infographic breaks down the elements you should look for in vendor business continuity and disaster recovery plans.
bdcr, bcdr plans, bcp, drp, business continuity management, business impact analysis
There are many due diligence considerations unique to healthcare organizations. Use this handy checklist when thinking through the vendor due diligence you should be assessing, and the foundational documents to request from every vendor.
document collection, ongoing monitoring, continuous monitoring, hipaa compliance, ongoing vendor management, business associates
While all are important, there are differences to be aware of between questionnaires, risk assessments, due diligence, and continuous monitoring.
ongoing monitoring, risk re-assessments, vendor offboarding, third-party risk management lifecycle
Offboarding a vendor is a critical step within the third-party risk management lifecycle. The process will differ based on the vendor and your organization, and details of the offboarding process need to be established before the contract is signed. Use this checklist for important considerations when offboarding a vendor.
offboarding a vendor, vendor offboarding, offboarding, exit strategy, offboarding checklist
With the number of vendors in an organization, it may not always be obvious where a vendor sits on the high-low value spectrum. This eBook will help you determine who your low and high-value vendors are, and how to get the best value from your vendors.
vendor quality, vendor risk, operational risk, reputation damage, due diligence, performance management, vendor owner, vendor manager
The Board, FDIC, and OCC released the official interagency guidance on managing third-party relationships. This eBook gives you 7 takeaways you should be aware of.
regulations, banking, vendor scope, critical vendors, due diligence, ongoing monitoring, documentation, reporting
Regulatory examiners have distinct expectations when it comes to the board's involvement in third-party risk management. Listen to learn the board's place in regulatory exams, and how you can lend a helping hand.
TPRM, regulations, regulatory exams, contract management, audit, due diligence
Some healthcare organizations will accept an independent audit report in lieu of a vendor completing an assessment questionnaire. In this infographic learn what to look for in a vendor's SOC 2 Type II audit report and key elements to review.
risk posture, risk assessment, audit report, cybersecurity, PHI, protected health information, healthcare due diligence
What do you do if a vendor's SOC report is filled with issues? Use this infographic as a guide to determine how to proceed with the vendor, whether that's addressing the issues or passing on the vendor relationship.
cybersecurity, due diligence, regulatory audit, vendor offboarding, controls
This eBook explains what vendor risk management is and how you can implement it. Done right, a good vendor risk management program creates a real strategic advantage for your utility company.
risk mitigation, continuous monitoring, ongoing monitoring, third-party risk management
Regulatory guidance and best practices can change, so it's worth reviewing new information as it becomes available. This eBook contains tips to comply with third-party risk management guidelines across different industries.
Interagency Guidance, OCC, FDIC, FTC, The fed, FFIEC, CFPB, Securities and Exchange Commission, SEC, NCUA, HHS
Use this infographic as a guideline for important data to collect and continuously update. Ensure that the appropriate stakeholders are well-informed to drive action in your third-party risk management program.
document collection, risk assessment, ongoing monitoring, issue management, Inventory
ESG is a rapidly growing business principle that aims to better measure the success and sustainability of an organization. This eBook provides steps to implement ESG into your TPRM program successfully.
CSR, corporate social responsibility, environmental, social, governance
By understanding your vendor's cybersecurity posture and taking the appropriate steps to prevent risk, you can reduce the chances of your healthcare third parties compromising you.
inherent risk, due diligence, information security, infosec, controls, HITRUST, data breach
Not all vendors have the same level of risk. Risk-based vendor due diligence can save your organization time and resources in your vendor risk management program. But, do you know the steps to take and when? This informative video explains the 7 steps.
third-party risk management lifecycle, inherent risk, risk level, risk questionnaire, critical vendor, low-risk vendor
Prioritizing TPRM is essential, even if your resources are limited. There are many advantages in utilizing third-party risk management tools. Listen to this podcast to learn more.
third-party risk management resources, leverage resources, tprm resources, limited resources, software
An effective TPRM program requires strategy to identify, address, and resolve any issues in a timely manner. Vendor relationships will never be perfect, so issue management is a necessary component that will help prevent larger problems down the line.
issue management, managing vendor issues, vendor issues, risk management issues
Higher education institutions have become increasingly dependent on third-party vendors in today's climate. In this eBook, learn the importance of TPRM in higher education.
higher education, school districts, higher education TPRM, higher learning vendor risk
Risk-based vendor due diligence can save your organization valuable time and resources. In this infographic, learn what vendor risk-based due diligence is and why it matters.
Vendor due diligence, risk-based due diligence, level of risk, due diligence frequency
Lack of preparation in advance of the contract end date leaves little time for negotiation or modification. Mid-term contract reviews are effective to ensure your vendors continue to deliver products and services as expected.
vendor contract management, contract assessment, mid-term agreement, vendor agreement
Collaboration with vendor owners involves a lot of day-to-day activities, spanning across the three stages of the third-party risk management lifecycle. This podcast outlines tips to improve collaboration between your third-party risk management team and your vendor owners.
vendor owner, training vendor owner, vendor management
Not sure where to begin in implementing a third-party risk management program? Download this eBook to learn the foundational components of a third-party risk management framework.
vendor management, third-party risk management lifecycle, scoping, onboarding, operating model, contract management
Use this as your guide to understand vendor risk management takeaways from the SEC's recent examination priorities report.
vendor risk management, SEC examinations, SEC, regulations, guidance, regulator, guidelines
Writing and updating a third-party risk management policy is known to be time-consuming and without guidance or help, it can be challenging to know where to start. Download this template with accompanying instructions and guide to get started.
free policy template, vendor management policy, third-party risk management policy, policy updates
Understanding how to maximize your TPRM resources will take some effort, but it's a worthwhile goal to help your organization manage risk, regardless of limitations. This informative infographic covers how to maximize your resources.
due diligence, manual processes, outsourcing, vendor risk
For a third-party risk assessment to be effective, you must know what kind of data they can access within your network and what kind of data they will access, process, transmit, or store on their networks. Learn more in the infographic.
vendor risk assessment, healthcare risk assessment, healthcare vendor management, healthcare vendor
The HITRUST certification ensures that a healthcare organization has met the requirements outlined in the HITRUST Cybersecurity Framework (CSF). This eBook outlines how to review your vendor's HITRUST certification.
HITRUST certification, HITRUST, review of HITRUST, cybersecurity framework
No matter the vendor, there may be issues that arise at any point in the vendor relationship. In this podcast, learn examples of third-party risk management issues you may encounter and what to do next.
issue management, vendor issues, vendor issue management, third-party risk issues
As you review the cybersecurity information provided, you'll notice that vendors often have a wide assortment of cybersecurity documents available. To help, this infographic breaks down the types of evidence to collect from vendors.
vendor cybersecurity, cybersecurity documents, document collection, vendor cybersecurity documents
Successful TPRM programs should involve key metrics that evaluate a vendor's health and stability. To help you better understand how to develop key metrics for your TPRM program, we've created this informative infographic.
key metrics, KPIs, third-party risk metrics, develop metrics
Whether you're new to the world of TPRM, or an experienced veteran, you've probably heard the term "vendor risk assessment". In the eBook, learn the process of vendor risk assessments and what to look for in the document.
vendor risk assessment, third-party risk, third-party risk assessment, risk assessments
Natural disasters and cyberattacks are just two examples of business disrupting events that occur in the supply chain. This podcast outlines four examples of how TPRM can help you mitigate supply chain risk.
supply chain risk, mitigate supply chain risk, third-party risk management best practices
Identifying critical vendors is a necessary process that drives many TPRM activities. In this infographic, learn how to identify which vendors are critical to your organization.
high risk, identifying critical vendor, critical vendor overview, high risk vendor
There's a lot to know to have a successful vendor risk management program. This infographic breaks down the what, why, who, and how to help.
risk management, involved in vendor management, third-party risk management, vendor risk management basics, beginner vendor management
What is vendor management and where to start, what you should know to mitigate risk, vendor lifecycle stages, who's responsible for what in a typical lifecycle and useful links and resources.
third-party risk management, to-do list, vendor management
In today's business climate, vendor financial health monitoring is extremely important. There are several factors to consider when reviewing vendor financial health, including inflation, political instability, and more.
vendor financial health, financials, vendor financials, financial importance
Vendor risks are always present. Although you can't eliminate the vendor's inherent risk, you can lessen the likelihood by identifying and implementing controls. In this infographic, learn the process of inherent to residual vendor risk.
inherent vendor risk, residual vendor risk, inherent to residual risk process
Healthcare organizations must know how their vendors access, transmit, and store PHI and other sensitive data to remain compliant and protect their organization's and patients' data. Learn more in the eBook.
hospital data, healthcare vendor management, healthcare organization, hospital risk management
Tasked with building a third-party risk management program from scratch? Developing and implementing a TPRM program requires considerable planning and coordination. This step-by-step guide will help you get started.
vendor management program, risk management program, TPRM program, third-party risk program
After conducting our State of Third-Party Risk Management Survey in November of 2022, we've analyzed the results and found six key highlights you should be aware of. Listen to this podcast to find out what they are.
state of tprm, third-party risk management highlights, best practices, cybersecurity
It's not surprising that most sponsoring small pharma and biotech startups choose to perform their clinical trials with the assistance of CROs. But, not all CROs are created equal, so selecting the right CRO is crucial.
biotech, due diligence, vendor due diligence, contract research organization selection, CROs
It's critical to take into account recent best practices in order to be as prepared as possible for vendor management. This eBook has 30 best practices everyone should know.
vendor management best practices, best practices, third-party risk best practices, vendor risk best practices
It may be time to revisit your third-party risk management program. This eBook walks you through 12 ways you can start to improve your third-party risk management program.
program improvement, improve third-party risk management program, vendor management program improvement, improve vendor management
New to third-party risk management or looking to stay up-to-date on a wide range of industry topics? This interactive guide is full of resources for beginners.
vendor management, risk management, third-party risk management resources
Level up your third-party risk management knowledge with this interactive guide. Continually improve your knowledge, program and more!
vendor management, risk management, third-party risk management resources
Most clinical studies are being conducted with the assistance of third-party vendors. Learn how clinical trial oversight remains a critical activity for sponsor organizations in this eBook.
healthcare vendor management, contract research organizations, CRO, clinical trial oversight
Ensure you're getting the most out of your third-party risk management resources. Download this eBook to get a better understanding of which of your third parties or vendors are determined in scope or out of scope.
vendor management, exclusion, inclusion
Even in today's remote working environment, you need to perform on-site vendor visits. In this podcast, we'll highlight 6 reasons on-site vendor visits are a valuable part of your due diligence practice.
vendor visits, on-site visit, vendor management, due diligence
A standardized and repeatable vendor risk assessment process is essential to protect your organization and customers from avoidable risks. In this eBook, we'll walk you through what you need to know for effective and efficient assessments.
risk assessment, vendor risk, risk assessment guide, vendor risk management
Identifying requirements and best practices for your industry and following the TPRM lifecycle are great building blocks when implementing TPRM programs. Learn more in this guide.
vendor risk management, TPRM, vendor risk, essential guide, lifecycle, roles and responsibilities, program essentials
TPRM is a complex process that involves many rules, requirements, and processes, all of which must be documented. This eBook will explain each of the governance documents and more.
vendor risk management, governance documents, vendor management policy, tprm documents, third-party risk governance documents
2022 was a challenging year for some organizations. In this podcast, learn six third-party risk management best practices to bring into 2023.
best practices, new year, vendor management, third-party risk
The SEC recently released a series of amendments and a new rule under the Investment Advisers Act of 1940, prohibiting outsourcing certain services and functions. We break down the due diligence and monitoring requirements and how to prepare in the eBook.
outsourcing vendor management, vendor management, SEC, outsourced providers, outsourced vendors, SEC outsourcing, ongoing monitoring, due diligence
The success of a TPRM program depends on a carefully integrated combination of rules, tools, processes, and people. In this eBook, learn the existing roadmap, known as the third-party/vendor risk management lifecycle, and more.
vendor risk management, risk management, third-party risk management lifecycle, vendor risk, mitigate risk
Contract research organizations (CROs) demonstrating strong vendor risk management programs can help sponsors feel their exposure to risk is well managed. In this eBook, learn the importance of sound vendor risk management for CROs.
CRO, contract research organization, outsourcing, clinical trial, risk exposure, due diligence, ongoing monitoring, third-party risk management program, vendor risk management, vendor risk
What does it mean for a healthcare organization to perform a risk assessment on a vendor? Is it a questionnaire, review, or process? Learn what a vendor risk assessment entails in this eBook.
healthcare, healthcare vendor management, risk assessment
In order to properly manage your vendors' associated risk, you need to thoroughly understand your organization’s vendor risk appetite statement. Use this infographic to help.
third-party risk management, vendor risk appetite, risk appetite statement, vendor risk
Third-party risk management involves many activities that can take up a lot of your team's time and resources. Listen to this podcast to learn 5 advantages of outsourcing TPRM tasks.
outsourcing vendor management, outsourcing tprm, outsourced vendors, third-party risk management tasks
Without the right documents, your vendor risk assessment can't be completed correctly, if at all. In this infographic, learn best practices and tips to improve document collection efficiency.
document collection, vendor due diligence, due diligence, vendor documents, documents
The two most common reports, the SOC 1 and SOC 2, each assess a different scope of the vendor's controls and performance. In this infographic, you'll learn the difference between the two and which report you'll want to request.
vendor soc, soc reports, request soc report, SOC 1 report, SOC 2 report
A cybersecurity incident can have detrimental effects on your organization's financial health, reputation, and more. In this eBook, we'll cover why cybersecurity and business continuity are linked.
cyber risk, cybersecurity risk, vendor cyber risk, BCP, cybersecurity measures
Protecting your customers' sensitive information is important. In this podcast, learn ways to safeguard your organization from third-party cyber risk.
cybersecurity, vendor cybersecurity, cyber risk, cybersecurity risk
Establishing clear expectations with your vendor from the earliest stages of entering a relationship is important. There are two clauses that are essential. Learn more about them in this infographic.
right to audit, cybersecurity, information security, data protection, data breaches, vendor management
As many organizations have turned to cloud vendors to store sensitive information, it's more important than ever to look at how you should assess cloud vendors. Learn how to in this eBook.
cloud vendor management, vendor risk, cloud vendors, cloud risk, assessing vendors
You've completed your vendor risk assessment, performed due diligence, and have identified the inherent risk the vendor brings. This eBook highlights examples of ways your organization can improve the security of a vendor's system in your network.
mitigate risk, vendor risk, healthcare vendor risk, healthcare vendor management, third-party vendor risk, hipaa
Due diligence is a fundamental component of any third-party risk program. We will break down how to do vendor due diligence reviews on 6 of the most common reports we do.
ongoing monitoring, oversight, vendor management, due diligence
Venmonitor™ is a new software tool that brings the industry’s best risk intelligence data into one central location, allowing you to easily screen vendor or supplier performance across multiple risk domains.
venmonitor sample, risk intelligence data, risk domains, risk management, software
The truth is that a good third-party risk management program can be a valuable strategic asset. However, it's sometimes necessary to push your organization to ensure that you have a sufficient third-party risk budget. Learn more in the infographic.
vendor management budget, TPRM budget, budget, vendor manager budget
Critical vendor contract management is important. Learn 4 best practices in this podcast to ensure you're monitoring your critical vendor contracts.
contract management, vendor contracts, critical vendor, podcast, critical vendor contracts
Many often ask "how many people should you dedicate to third-party risk management?" Even regulatory guidance offers little assistance in this area. Learn considerations, industry data, and more in the eBook.
vendor management, staffing, TPRM staffing
Use this checklist of common due diligence items you need to gather based on whether your vendor is classified as low, moderate or high risk.
due diligence checklist, high-risk vendor, checklist, vendor due diligence
Vendor risk management is a best practice, and, for many organizations, it's also a regulatory requirement. Dive deeper into the process of vendor risk management in this infographic.
vendor management process, vendor risk, risk management process
Understanding what subservices (fourth parties) your vendors use is important. This infographic outlines how to review your subservice organizations within SOC reports.
subservice organizations, fourth-party vendor, reviewing SOC reports, vendor SOC report
Keeping the patient proactive care model in mind when considering TPRM is important. This podcast highlights 4 steps to take in creating a TPRM program for a health organization.
healthcare vendor management, proactive vendor management, third-party risk, health third-party risk
There is a lot to consider when incorporating CSR and ESG into current third-party risk management workflows and processes – including updates to your policy, risk assessments, due diligence, contracts, questionnaires and more.
third-party risk management, corporate social responsibility, environmental, social and governance, vendor management, toolkit
When managing vendor risk, many mistakenly consider critical and high risk synonymous, but they are not. There's an important difference between these terms and how they should be applied. Learn more in this infographic.
risk ratings, vendor criticality, high-risk vendor, vendor risk
There is still limited legislation on mandatory ESG disclosures, but regulators are continuing to address issues like climate change and modern slavery. Listen to this podcast to learn 3 ways to prepare your vendors.
esg disclosures, vendor esg, environmental, social and governance, regulations, disclosures
Ensure your organization can balance the risks and rewards of the cloud by identifying the potential risks and thoroughly vetting your cloud service providers to make sure they meet your requirements.
cloud vendor, cloud service provider, cloud supplier, vendor management, considerations for cloud vendors
Your contract and due diligence processes require a unique focus when working with an international vendor. Use this infographic to help.
due diligence, contract management, overseas, international vendors, international vendor management
Knowing how to conduct your vendor due diligence processes is only part of the equation. The real challenge for some organizations is understanding how to interpret and act on due diligence results. Learn how in this eBook.
vendor due diligence, due diligence collection, due diligence results, conducting vendor due diligence
No single financial statement will provide a full picture of a vendor's financial health. There are three statements that should be analyzed together to better understand financial risks posed.
financial statements, vendor financial health, financial performance, vendor financial statements
Measuring a vendor's performance is a necessary process that ensures the engagement continues to be beneficial. It also helps protect your organization's reputation and ensures any issues are identified and addressed quickly.
measure vendor performance, vendor performance management, ways to measure, performance management
Has one of your critical healthcare vendors experienced a data breach? You can prepare now and anticipate your response to minimize damage, especially if that damage may involve your PHI or patient care.
patient care, healthcare data breach, healthcare organization, healthcare vendor management, vendor risk, cybersecurity
Knowing the risk your vendor brings to your organization is crucial. But, do you know and understand the risk categories or types to be reviewing and monitoring? Take the quiz to test how much you know!
quiz, risk categories, vendor management risk, vendor risk, third-party risk quiz
The healthcare industry practices proactive care, and this same concept can be applied to managing its third-party risks. Learn the importance of proactive vendor risk management in healthcare in this infographic.
healthcare, proactive care, proactive vendor risk management, vendor management, vendor risk, hipaa
Outsourcing a product or service to a vendor is a standard business strategy that can provide many benefits. Ensure you know these 6 vendor risk categories and common red flags.
red flags, outsourcing, risk categories, vendor management categories, vendor risk
The SEC released their 2022 Examination Priorities. Download this whitepaper to ensure your organization has your TPRM program in order.
exam preparation, vendor management exams, exam priorities, third-party risk management exam, cybersecurity, reports
Give yourself the ability to more successfully sidestep the aftermath of potentially disastrous scenarios by analyzing your vendor's business continuity and disaster recovery plans.
ongoing monitoring, disaster recovery planning, business continuity planning, business planning, risk management
Vendor financial health includes many factors that your organization should be cognizant of and review accordingly. This podcast highlights three mistakes to avoid when reviewing.
vendor financial health, financial stability, financial reviews, vendor performance
When outsourcing a product or service to a third-party vendor, your organization is exposed to risks that naturally occur, referred to as inherent risks. Learn sample questions to ask and next steps to take after completing a questionnaire in this eBook.
inherent risk, vendor risk, sample questionnaire, vendor risk assessment, eBook, questionnaire
The Standard Information Gathering (SIG) Lite questionnaire is a standardized questionnaire developed by Shared Assessments and used by organizations to provide information surrounding their control environment. Download a free SIG Lite assessment today.
sig lite, sig assessment, sig lite sample, free sig lite assessment
Vendor relationships can end for many reasons. Your organization's needs may have shifted and you're looking for a different vendor that better aligns with your goals. Whatever the reason for ending the relationship, you want to ensure you have an established offboarding process that minimizes issues.
offboarding, toolkit, comprehensive eBook, interactive checklist, vendor relationship management, exit strategy, termination
There is a beginning and end to every third-party relationship. In this podcast, you'll learn the stages of third-party risk management lifecycle.
lifecycle stages, onboarding, offboarding, ongoing activities, podcast
Learn the steps of the third-party risk management lifecycle to protect your organization from vendor risks using this toolkit.
third-party risk management lifecycle, interactive toolkit, PowerPoint template, printable 1-page PDF, due diligence, contract management, risk assessment, scoping
When your organization is exposed to a variety of vendor risks, it doesn't hurt to have the extra layer of protection that vendor site visits provide. Use this handy checklist and infographic to ensure your organization understands the importance of site visits.
checklist, on-site visit, virtual vendor visit, vendor risk
Not sure what to include in your vendor contracts? This eBook outlines sample contract language and recommended tips to help with contract creation.
contract management, vendor management, contract compliance, contract clauses
Use this checklist to help you manage and be sure you’re prepared for an upcoming audit or regulatory exam.
checklist, auditors, vendor management exam, vendor management audit
Are you prepared to handle it when your vendor suffers a data breach? Cyber attacks have become a normal part of the daily routine. Learn what to do.
vendor data breach, suffered data breach, vendor data breach next steps, cyber attack next steps
Although you don't have direct contact with your fourth parties, it's essential to understand how your third-party vendors manage their risk. Use this helpful infographic when discussing fourth-party due diligence with your vendors.
vendor relationship, vendor risk, vendor management, fourth-party risk
Successful vendor risk management requires the teamwork of stakeholders across the organization, and vendor managers play a crucial role. This eBook will help you engage, educate and enable your vendor managers.
vendor manager education, manager training, vendor manager tips, vendor management
Mitigating vendor risk is an important component of your vendor management program to ensure that your overall business operations can continue on. Listen to this podcast to learn how to mitigate vendor risk.
mitigate third-party risk, third-party risk mitigation, vendor risk management
Your third-party risk management program document lays out the concepts within the policy. Download this checklist to assist in creating an effective and mature third-party risk management document.
governance documentation, vendor management program document, policy documents, documentation
Your critical vendors provide products or services that your organization is highly dependent on. Learn the questions you can ask to determine if a vendor is critical or non-critical in this infographic.
high-risk vendor, vendor management, vendor risk, third-party vendor
Vendor scorecards are a valuable tool to help you track and measure vendor performance. Download this eBook and template to improve your understanding of vendor performance metrics.
vendor vetting, ongoing monitoring, vendor management, performance monitoring, vendor scorecard
Third-party risk management in practice is a complex ecosystem of processes, tasks, timing and risk mitigation. Various responsibilities and requirements are distributed across a range of accountable stakeholders. Download this toolkit for helpful templates and charts.
vendor management, vendor oversight, stakeholders, roles and responsibilities
You should partner with a vendor who meets your organization’s expectations. Download this infographic for signs that it is time to end your vendor relationship.
vendor relationship, vendor management, third-party risk management, vendor profiling
All vendor relationships have inherent risks. If you choose to work with the vendor, you'll need different techniques to handle the risk. This infographic covers three risk handling techniques known as mitigation, transference and acceptance.
inherent risk, vendor relationship, vendor management
Third-party risk management is no exception, and as a practice, has steadily changed its tune over the past few decades. Explore the advances in third-party risk management in this infographic.
vendor management evolution, vendor lifecycle, industry change
As part of your vendor due diligence process and regardless of risk level, there are 19 items your organization should be committing to file for every third-party involved with your business.
initial vendor vetting, due diligence, onboarding
Listen to this podcast that highlights three main third-party risk management lessons learned in 2021. Learn how your organization can use these lessons to prepare for 2022.
due diligence, tips, vendor management
Well-written contracts are the foundation of the relationship between your organization and your vendor. Download this infographic to learn 5 reasons you should renegotiate vendor contracts.
vendor contract management, addendum, vendor relationship
Not sure where to start when building a third-party risk management program? This podcast covers 4 essential tips for building a TPRM program and what you should include.
vendor management, due diligence, vendor risk
Don't let your vendors scare you this Halloween. Discover risky vendor situations that should be laid to rest in the third-party risk management cemetery in this infographic.
vendor management, vendor behavior, critical vendor, third-party risk management
Your third parties should be ranked as critical or non-critical for business disruption. This infographic outlines 10 general items that need to be on file for critical vendors.
vendor management, vendor risk, critical vendor management, due diligence, due diligence items to review
This infographic breaks down four key areas to pay attention to regarding vendor cybersecurity that will help you prepare your organization.
cybersecurity areas, vendor risk, vendor management
This podcast will highlight what you should be reviewing in your third parties' incident response plans. Gain an understanding of how your vendor will respond to an incident when it happens.
vendor management, third-party risk, continuity planning, vendor risk
To help ensure you gather the information you need, use this handy checklist that covers what you need to review when analyzing your vendor’s cybersecurity.
data breach, information security, vendor cybersecurity checklist, cybersecurity checklist, checklist, vendor risk, cybersecurity risk
Michael Kossman, Chief Operating Officer and Chief Compliance Officer at Aspiriant, talks about the challenges of implementing a third-party risk program in asset management and the importance of third-party risk management.
third-party risk management program, due diligence, third-party risk challenges, vendor management
Third-party cybersecurity must be managed now more than ever. BitSight Security Ratings are a powerful way to continually monitor your third parties and ensure you are proactively assessing cyber risk.
bitsight sample, cybersecurity rating sample, third party rating sample
Learn how proper review of a vendor SOC report helps your org, when to obtain and review a SOC, differences between SOCs, Complementary User Entity Controls, key areas to review and more.
vendor management, security organization controls, vendor risk
Clearly communicating and setting expectations with your third party is essential for building a healthy and productive relationship. Download this playbook designed to support third-party risk management teams.
vendor relationships, prospective clients, communication, playbook for vendor managers
Performing risk assessments may seem daunting, but it is a worthwhile investment. Download this infographic to learn the tried-and-true steps to complete a vendor risk assessment.
vendor risk assessment, risk assessment, how-to, TPRM, vendor risk, risk management, vendor risk management, assessments, third-party risk
Vendor contracts work both as a roadmap to guide you through the business relationship and as a safety net. Download this eBook to learn what to include in critical vendor contracts.
critical vendors, critical vendor management, vendor contract management, vendor management
Understand how to get from inherent vendor risk to residual risk in this podcast. Learn the basics to calculate these risks.
vendor risk management, risk rating, calculating risk
Learn how to maximize value, cost, quality, day-to-day advantages and more. Download this infographic to understand the strategic advantages of doing TPRM.
Third-party risk management, cost advantage, quality advantage, maximize benefits, vendor management
Well-written business continuity and disaster recovery plans are important. Ensure your critical vendors are accounted for in your plans. Download the infographic to learn how.
third-party risk management, critical vendor management, continuity planning
Organizations are feeling the strain of keeping data and systems safe. Download this eBook to understand how TPRM and InfoSec teams can collaborate.
data, third-party vendors, relationship building, collaboration
Listen to this podcast to understand the various types of vendor business continuity and disaster recovery testing.
third-party risk management, testing, bc/dr testing, vendor management
Many of the OCIE's priorities changed as new risks emerged and existing risks were mitigated or heightened. Download the whitepaper to ensure you have your third-party risk management in order.
cybersecurity, vendor risk, third-party risk management, vendor management, ocie priorities
This eBook will guide you through creating an effective vendor risk assessment questionnaire of your own for proper third-party risk management.
vendor risk management, third-party risk management, questionnaires, assessments
Learn examples of fourth-party related clauses and how to write these requirements into your vendor contracts.
third-party risk management, due diligence, contract management, fourth parties, requirements
Download this checklist to ensure your vendor's business continuity and disaster recovery plans are in place and on the right track.
checklist, vendor management
Inherent and residual third-party risk are interconnected, but they do have differences you should be aware of. Learn the differences between them and how they can affect your organization in this eBook.
vendor management, third-party risk management lifecycle, strategic enabler, regulatory compliance, organization strategy
Realizing the value of third-party risk management as a strategic enabler requires you to look beyond the routine check-the-box requirements. Download the eBook to get an understanding of how TPRM can enable your organization's strategies.
vendor management, third-party risk management lifecycle, strategic enabler, regulatory compliance, organization strategy
Download the infographic to learn the next steps to take that enhance your organization's internal processes and procedures.
financial risk, financial assessment
It's essential to understand the risks posed in third-party relationships. Download this eBook to learn about the different types of vendor risk and how they can impact your operations.
due diligence, risk assessment, vendor risk, vendor management, financial risk, reputational risk, operational risk
Vendor financials are an important topic. Understand what documents are acceptable to ask for from privately held vendors in this podcast.
third-party risk management, vendor management, due diligence, document collection
Listen to this 90-second podcast to learn the three best practices for overseeing international vendors.
third-party risk management, risk assessment, risk category, due diligence, best practices, international vendors
Download this eBook to understand the importance of your vendor's financial health, especially your critical vendors, and how they can affect your organization's reputation.
due diligence, risk assessment, vendor selection, financials
Understanding the key roles involved in third-party risk management is important to you and your organization. Learn their responsibilities and how they fit into your third-party risk management program.
vendor management, involvement, staffing
This extensive flight path assists with mastering third-party risk management. Successfully navigate through these third-party risk terminals to help your organization, your customers and your key stakeholders remain safe on the third-party risk trip.
due diligence, risk assessment, vendor selection
Spring is the perfect time to dust off your vendor management program and clean up your processes with these tips.
vendor management, due diligence, policy
Play this interactive game and read the quick guide to learn why these 5 pitfalls of vendor risk come into play and what to do.
due diligence, vendor issues, third-party risk management, vendor risk
Download the infographic to learn the definitions of each type of SOC report and how they can benefit your organization.
Listen to this 90-second podcast to hear more about the differences between questionnaires and assessments and why your organization needs both.
Use this guide when developing and managing mature vendor management governance documentation.
Listen to this week's podcast to help you create your third-party risk management procedures to be more successful.
Learn 6 best practices you need to do when measuring, assessing and planning vendor management processes in the new year.
Are you selecting a core processing vendor? Listen to this 90-second podcast to learn about the factors you need to keep top of mind.
Find out what important lessons you need to be aware of going into the new year, so you can be more successful in vendor management.
This podcast covers a few of the items that you should tackle before the end of the year to be better prepared for 2021.
Whether you are new to vendor risk assessments, or want to improve your current approach, this video walks you through how to manage the process successfully.
risk assessment, risk rating
This video breaks down the basics of what vendor financial health is and why you should be including this step in your organization’s due diligence process.
oversight monitoring, ongoing monitoring
Listen to this podcast to help you figure out the best way to gather vendor management resources.
If you don’t have an adequate plan to properly manage your vendor’s risk, then your organization could be another scary statistic. Learn how to stay safe.
data breach, information security, data breach statistics
To help fintechs win points with your clients, use this infographic that covers what you need to know about the changing vendor management expectations.
third-party risk management
Find out what the three scariest consequences are that can occur if you have a missing item on your vendor SOC report by listening to this week’s podcast.
In this podcast, learn the top four tips that will help fintech organizations more successfully meet their client and regulator expectations.
You can take specific steps that will help you maximize even the smallest budget for vendor management. Listen to this week’s podcast for the top three tips we recommend to help you make the most of your organization’s budget.
If you have well-developed vendor contracts, then you're setting your organization up for success when it comes to vendor oversight. Find out the top three reasons why your vendor contracts directly affect your level of oversight.
due diligence, contract management, ongoing monitoring
This complimentary toolkit includes reporting package templates and provides you with guidance on how to format vendor board reports.
third-party risk reports, board reporting, report vendor risk management activity
Once you receive a vendor contract, there are specific steps that you should take for a more successful process. This 90-second podcast covers the 5 most important steps our experts recommend you're following.
contract management, contract negotiation
Whether your exam is conducted in-person or remotely, this 90-second podcast covers the 7 most important items you should always have prepared.
Jenn Wilkinson, Vice President of Strategic Vendor Management at Cenlar FSB, shares her thoughts on the process of building an expert vendor management program from the ground up.
third-party risk management program, due diligence, initial vendor vetting
This comprehensive eBook breaks down how to create your third-party risk management procedures documentation.
vendor risk management program
Listen to this week’s podcast to find out three important questions we recommend you include in your questionnaire.
There are important requests you need to include in all of your vendor contract negotiations. These 5 will help set your organization up for success. Find out what they are by listening to this podcast.
Looking for ways to improve your program in light of the recent pandemic? This infographic breaks down what you need to know.
covid 19, third-party risk management covid, covid 19 tprm, pandemic third-party risk management
With COVID-19 impacting many vendors' businesses, use this infographic to help you prepare for the aftermath.
Organizations may not have the internal capabilities to properly manage every step of the process. Listen to this podcast to learn how to determine if your organization could benefit from outsourcing vendor management support.
You should be proactively taking steps to mitigate risks posed by potentially vulnerable vendors. This podcast covers seven steps you can take to ensure your organization is safe against vulnerable vendors.
ongoing monitoring, oversight, due diligence, oversight management
There are three key components of information security that you should monitor when analyzing your vendor’s information security strength. Listen to this podcast to understand the CIA Triad.
cybersecurity, information security
Protect your organization by looking out for the 10 signs covered in this 90-second podcast that will indicate your vendor's financial performance is declining.
To be better prepared for future pandemic related situations, use these 5 takeaways learned from COVID-19 to improve your third-party risk management procedures.
vendor management procedures, business continuity, disaster recovery
Use the 11 tips in this infographic to help you prepare yourself for properly managing vendor risk.
third-party risk, third-party risk management, vendor management
There are specific requirements fintech companies and third parties must comply with if they're going to partner with a bank. Listen to this week's podcast to learn what you need to know about the FDIC guide for fintechs and third parties.
Is your vendor’s financial performance declining? To protect your organization there are some warning signs to look out for. Be aware of what the consequences are and your steps for recourse.
oversight, ongoing monitoring
There are 3 "behind the scenes" vendor lifecycle requirements that are constant and should be maintained throughout the entire vendor relationship. Listen to this week's 90-second podcast to learn more about what they are and why.
third-party risk management
These COVID-19 vendor management best practices will help you with current challenges.
third-party risk best practices
While preparing for a vendor management exam is a crucial step in the process, how you follow up after the exam is equally important. Listen to this podcast that will cover the 5 next steps you should be taking after a vendor management exam concludes.
examination, third-party exam, audit
Communication and collaboration are key in implementing a risk assessment process. Download this infographic for how to collaborate during the process.
vendor risk assessments, risk assessments, collaborate vendor risk assessment process
Does your organization understand your vendor’s financial viability and performance? Here are 4 reasons why your vendor’s financial performance is crucial for you to report on.
Due diligence is an important step in vendor management, so cutting corners can be dangerous. Learn what could go wrong with a check-the-box approach.
Do you need help determining what your vendor risk appetite is? This podcast answers common questions you may have when it comes to determining your organization’s risk appetite.
Join us and Glen Trudel, Partner at Ballard Spahr, LLC. We discuss the biggest third-party risk struggles financial institutions face today, how to handle ongoing vendor risk management and vendor oversight, addressing cybersecurity, board involvement, industry expectations and more.
Each vendor management concept brings varying components to an organization’s overall structure. Listen to this podcast to dive deeper into each concept.
When your vendor fails to meet the SLA requirements outlined in your contract, it can have negative consequences. Listen to this podcast for next steps.
If your vendor isn't meeting your organization’s needs, it may be time to start searching for a new vendor. Listen to this podcast for steps to help you with the process.
When you are evaluating your vendors, you can use this handy checklist to help walk you through the process.
vendor risk, checklist, vendor management, risk management
One of the most crucial aspects of vendor management is performing a third-party risk assessment. Use these 5 practices to help get started.
Use the third-party risk lessons and guidance learned this year to help your organization be even more successful with vendor management in 2020.
Listen to this 90-second podcast to hear our four third-party risk expert tips to help you when improving your vendor due diligence strategy.
Learn more about the specific differences between high-risk and critical vendors with this helpful infographic.
high risk vendor, critical vendor, differences between high risk critical vendors
Whether you’re creating your program for the first time, or revising it, here are 8 best practices.
There isn’t a one-size-fits-all solution to vendor management policies. Use the regulatory expectations and industry best practices to help.
vendor risk management policy, risk management policy, creating policy, updating policy
Budget season is upon us! Prepare yourself and your organization by planning ahead now for third-party risk. Listen to this podcast for more information.
You can start to better understand what specific items you need to look for in your vendor’s cybersecurity plan with this 90-second podcast.
Understand why the risk your third parties pose to you is important to your financial institution clients. Download the infographic.
fintech provider, financial institution
What fintech companies need to know about third-party risk management, regulations and 4 tips to meet regulator and client expectations.
tprm practices, fintech tprm, fintech best practices, best practices for tprm, fintech tprm practices
Take steps to protect your organization from vendor cybersecurity risk. Listen to this podcast for 6 steps to manage third-party cybersecurity risk.
There will be business events that occur with your vendor that can impact your organization. Listen to this 90-second podcast to learn 11 items to look for in business continuity plans.
This useful infographic will walk you through what to negotiate into a contract for third-party management.
Proper vendor management requires you to periodically update and improve elements of your program. Listen to this 90-second podcast to hear specific steps to take to improve your third-party risk program.
vendor management program, vendor risk management program
There are steps you can take to make the process more efficient when reviewing a SOC report. Listen to this week’s podcast to find out 7 steps to take.
It's critical to verify if your vendor is implementing strong business continuity and disaster recovery planning. This eBook will break it down for you.
The constant shift can lead to occasional problems in third-party risk management. If you take the time to manage the process correctly and implement specific procedures, it could help you avoid costly errors down the line.
ongoing monitoring, oversight, due diligence, issue management
Because there's no one-size-fits-all approach to vendor management, it's important you determine which model will help your organization reach its goals. This eBook will help.
For a smooth third-party risk examination, 3-4 months in advance of the examiners’ arrival you should prepare or fine-tune these 9 documentation items. We'll tell you what they are and some tips.
You need to monitor your vendor’s compliance with regulatory guidance, auditors, examiners and consumer expectations. Use this infographic to help.
compliance management, exams, audits
To make your vendor risk management program successful, here are the seven critical items that you need to focus on.
This interview features Michael Donnella, Corporate Compliance Officer of Murphy Oil Corporation. Michael shares his perspective on corporate compliance and why having a culture of compliance in third-party management is crucial for organizations.
regulatory compliance, regulatory guidance
Throughout your vendor risk management process, you should be conducting due diligence both pre- and post-contract. In this 90-second video, learn the different due diligence items you should be requesting from your third-party vendors.
You need to also monitor your vendor's complaints as a critical part of third-party risk management. Listen to this podcast for more information.
Determining who your critical vendors are is an important part of the process. Watch this 90-second video, and hear important questions to ask yourself in order to figure out which of your vendors are critical.
Improve your vendor due diligence process with this informative infographic that covers specific strategies that you can use to protect your organization.
With 2019 underway, we decided to put together some tips to help your organization stay proactive in vendor management. This podcast will give you a quick refresher on third-party risk best practices.
An effective third-party risk management program is key to protecting your organization. Watch this 90-second video to learn the 9 steps that you should take in order to create a third-party risk program.
How your organization manages and responds to complaints has become critical. Here are some tips to help you develop an effective complaint management system.
Risk assessments are vital to the success of an organization’s vendor management program as you delve further into any risks vendors pose. This infographic shows you the what, why, when, who and where of them.
Having a strong vendor risk management program is a great way to protect you and your customers. This infographic covers how to create a program.
Due diligence is another term for third-party document collection. It is one of the most critical activities in third-party risk management. Watch this quick overview of best practices for third-party document collection.
Listen to this podcast for 5 important steps that you can take to measure your vendor's financial health.
Listen to this podcast to learn about vendor contract management from our experts, the importance of contracts to your organization and what steps you should take to protect your institution.
Is there a way to know if you have “dirty” vendors who could use some dusting off? Ensure you know everything important and what steps to take to help you spring clean your vendors.
This interview features Jennie Fowler, Director of EPMO and Vendor Management Officer, at American Credit Acceptance. Throughout the interview, Jennie shares her recommendations to obtain support from the C-suite when it comes to vendor management.
regulatory guidance, buy-in, reporting
Do you know who your fourth parties are? This infographic will help get you started with the when and how of identifying your fourth-party vendors.
fourth-party management, fourth-party vendors, fourth-party vendor risk
Download this eBook for the challenges and possible solutions you may potentially encounter to help you prepare for various vendor management issues.
Maintaining strong vendor management relationships will help lead to a successful partnership for your organization. In today’s podcast, we’ll cover 8 important tips to maintain good vendor relationships in 90 seconds.
UDAAP has presented some concern to third-party risk professionals. In this podcast we cover procedures and best practices to effectively manage UDAAP and your third parties.
regulatory compliance, guidance
With the increase in regulations and vendor oversight requirements, managing vendors with a spreadsheet is very inefficient. Here are 7 reasons why spreadsheets will not cut it anymore.
This interview focuses on the role of vendor management in financial institutions from a legal and regulatory perspective. We cover the pain points organizations are experiencing for third-party risk, which includes data aggregation, organizational consistency, reporting and cybersecurity.
We'll cover tips for developing a vendor risk assessment template, also referred to as a VRA questionnaire. These are important while assessing how much risk your vendor presents to you. Check out our 5 recommendations.
When getting started in vendor management, there are three sets of documents that you want to create. The first document that you should focus on writing is your third-party risk policy. In this podcast, we're going to walk you through 6 steps to take in order to write an effective policy.
Evaluating your vendor's regulatory risks ahead of time can help you avoid some very costly surprises down the road. Use this infographic to see how to rate your vendor's regulatory risks.
regulatory risk, vendor regulatory risk, rate vendor risk, rate vendor regulatory risks
Are you looking to expand your vendor management team? There are certain steps you can take in order to find the most effective team for your organization. In this podcast, we discuss 5 tips to recruit potential vendor management team candidates.
Put your knowledge to the test by downloading this crossword puzzle that is filled with third-party risk clues and phrases.
Vendor management typically takes an individual who is meticulous in detail, thorough and patient to perform the job. In this podcast, we’ll wrap up the year and touch on some attributes found in good vendor managers.
This interview covers qualifications that are needed on a third-party risk management team, why cybersecurity risk is something that you can never defeat and a thought-provoking conundrum about the introduction of decentralized technology.
It's easy to get so involved with vendor management that you miss basic, but key, items. Find out what the top 25 errors are to avoid in your vendor management program in 2019.
risk management errors, how to avoid vrm errors, vendor risk management, third-party risk errors
This podcast covers 7 of the 2018 best practices that you should continue into the new year. They range from engaging the first line of defense through continuing education.
third-party risk management process
This interview covers both a legal and industry perspective on third-party risk, impact of fraud in third-party risk management, discussion regarding increased oversight at the state level and a post Dodd-Frank Act lesson - senior management and the board must be involved.
regulatory compliance, guidance, reporting
Third-party risk management needs to be a part of the board's regular activities. Listen to our 5 tips to help you prepare for periodic vendor updates to the board.
With the increase in regulatory demands, it's crucial to be as efficient as possible. Take the right steps to increase efficiency - we have 8.
third-party risk efficiency, improve third-party risk management, vendor management improvement, program improvement
We gathered 8 terrifying real-life third-party risk management stories from compliance officers and vendor management teams across various sizes of organizations. Learn from their mistakes.
third-party risk management stories, tprm stories, vendor management stories
Be prepared for when your vendor experiences a data breach by doing these 10 best practices. Hackers do not discriminate when looking for an asset to attack.
handle vendor data breach, vendor data breach, how to handle vendor data breach, vendor data breach best practices
Follow these basic dos and don'ts of vendor contract risk management. There are steps to take, 8 additional tips to help mitigate vendor risk and 5 huge mistakes to avoid.
vendor contract, contract management, vendor contract management process
The relatively new New York Department of Financial Services (NYDFS) regulations not only cover the organization, but also the organization's third-party vendors. Ensure you're in compliance.
regulatory compliance, guidance
Join us and Ashley Kelley, VP of ERM at APCU, for a discussion on third-party risk overall, centralizing third-party risk management - why it can be a struggle but is needed, insight from the VP for the International Association of Financial Crimes Investigators (IAFCI) on cybersecurity expectations and concerns and more.
Well-developed policy, program and procedure documents are all crucial to the success of an organization’s third-party risk management department. Listen for some quick tips to help you.
vendor management program
Could your vendors be your weak link? To learn how to protect your organization from third-party vendor cyber risk, our infographic covers 7 key steps to follow.
cybersecurity, information security, rising vendor risk
SOC reports differ based on what they cover, how the auditor performs the assessment and what level of detail the reports include. Learn the differences between a vendor SOC 1 and SOC 2 report and Type 1 and Type 2.
cybersecurity, information security
Fourth parties are just as important as third parties. They can have access to your confidential information, so you must put proper oversight and effort into these companies.
fourth-party vendor, fourth-party vendor oversight, vendor oversight
Join Venminder and Amy Hanna Keeney, Attorney with Adams and Reese LLP, for a thought-provoking interview on 2018 CFPB progress & activities, what you can expect from the CFPB in regards to regulatory guidance, the future of UDAAP enforcement actions, CFPB hot topics for the coming months and more.
regulatory guidance, regulatory compliance
Whether negotiating a new vendor relationship or renewing an existing one, learn how to develop a contract that clearly defines expectations and responsibilities of the vendor, tips and best practices.
vendor contract, contract management, sign vendor contract
In this podcast, we'll go through 11 reasons to consider your third-party risk management department/program when budgeting for the upcoming year.
Join us and Michael Morris, Systems Partner at Porter Keadle Moore, LLP, for an auditor's perspective on vendor risk management. Topics covered include: best practices for managing risk, addressing today's cybersecurity threats and risks, top areas of concern for a SOC audit report and more.
It's a best practice to consider the costs associated with negotiating key contract terms and pricing within your third-party risk management program. Listen to this podcast that covers 5 vendor contract considerations for your budget.
This podcast covers how FFIEC’s Appendix J relates to your vendor risk management program and 4 key elements of business continuity planning that you should address when contracting with a third-party service provider.
regulatory guidance, compliance
Learn what to include, reasons why you'd need multiple assessments, an example and 3 best practices.
assess vendors, product level assessment, how to assess vendors
Take a look at what we consider to be 24 of the current best practices to minimize vendor risk and ensure your org is a top performer in TPRM.
minimize vendor risk, how to minimize vendor risk, best practices to mitigate risk, mitigate vendor risk
Allow your clients to feel much more at ease when selecting you as their preferred vendor of choice to continue doing business with - follow these 5 best practices now for a well-developed and organized third-party risk management process.
Vendor vetting and ongoing monitoring are both important stages of the vendor lifecycle and due diligence process, but why exactly is due diligence so important for vendor risk management? Listen to our third-party risk management podcast now to learn the top 5 reasons.
As a third-party service provider, the SSAE 18 audit requires that you have an effective vendor management program in place. Are you prepared? In our latest eBook, we'll take you through all the steps you need to know for..
regulatory compliance, regulatory guidance, ssae 18, ssae 18 audit
We all hope to never experience a breach at our organization, but if it does happen, do you know what to do? You can minimize the chance of it happening again by using these 4 best practices to improve your third-party risk management program.
data breach, cybersecurity, information security
What the SLA should state, opportunities provided by SLAs to your organization, negotiating service levels, the 8 elements a model SLA should include, best practices and more.
exit strategy, get out of vendor contract, vendor contracts, contract management
Third-party risk management is associated with a great deal of tasks and a large workload, so here are 6 tips that can provide some relief.
Listen to this third-party risk management podcast where we take into consideration regulatory guidance OCC Bulletins 2013-29 and 2017-7 and FDIC Letter 44-2008 to help guide you through the vendor risk assessment process. Learn how to complete a vendor risk assessment, steps and tips.
A third-party information security assessment is an integral part of judging a vendor's risk level. Learn 3 core principles, key regulatory guidance, why use one and 3 questions to ask.
cybersecurity, information security assessments, what are infosec assessments, infosec assessments
Join us and Loraine DeBonis of Ubiquity Compliance Solutions for key takeaways from the perspective of a panelist at the NBPCA’s Power of Prepaid conference, challenges banks & prepaid program managers are facing regarding the Fed’s Regulation E, improving risk management and more.
You've gone through the 6 steps and best practices for a mid-year third-party risk management progress check, so now what? Listen to learn the next steps to take, how to document your findings and how to improve upon the process as a whole.
Join us and Ed DeMarco, General Counsel and Director of Operational Risk & Regulatory Relations/Communications of the Risk Management Association (RMA), for a discussion on vendor risk management challenges & best practices, cybersecurity, regulatory compliance and more.
When you understand why vendor due diligence reviews are necessary, it’s easier to see the increased benefits and make due diligence a priority. Download this vendor management infographic where we'll further explain why.
vendor due diligence, why do we do vendor due diligence, conduct vendor due diligence, how to conduct vendor due diligence
Join us and Jim Hussey, Founder of IT-TPRM.com, for a discussion on vendor risk management challenges, why you should place heavier focus on technology or fintech risk, how to engage the first line of defense, advice on meeting OCC lifecycle expectations, best practices and more.
What is a SOC report? It's an audit report performed by a public accounting firm that attests to the existence & effectiveness of the controls put in place to safeguard your data. Listen as we break down 6 important parts.
Learn what a critical vendor is, how to identify your critical vendors, examples of critical vendors and best practices to monitor for proper third-party risk management.
risk assessments, critical vendor, identify critical vendor
Join us and Andrew Lorentz, Attorney at Davis Wright Tremaine LLP. We discuss balancing commercial opportunities with compliance initiatives, importance of community involvement and legal analysis, cybersecurity at exams and outside counsel's view on if the board is properly involved.
How to assess vendor financial risk. Failing to do so can be detrimental to not only your third-party risk management program, but may have direct implications on how you operate your business.
vendor financial risk, assess financial risk, vendor financials, vendor financial risk assessment
Guide for initial and ongoing due diligence that covers how to do it properly, benefits, items to request, understanding your vendor's regulatory risk impact and more.
vendor due diligence, how to do vendor due diligence, vendor due diligence how to, conduct vendor due diligence
A non-elective vendor is one you don't have a direct relationship with, but your third-party does - making them a risk to you and therefore requiring some oversight. Listen to learn the associated responsibilities.
ongoing monitoring, due diligence
Understanding your vendor's classification is a third-party risk management best practice, but what does it mean? This infographic will walk you through the steps to classify your vendors.
vendor management, list creation, vendor rating, risk rating, classify vendors
Join Venminder and James Russell, CPA at Russell Bank Consulting. James discusses third-party risk management changes over the last decade, common third-party risk management issues during examination, how to handle third-party relationships that start to go downhill and more.
The General Data Protection Regulation (GDPR) has a global impact on any company that collects, stores, or accesses European resident data. Listen to Third-Party Thursday to learn what you need to know.
regulatory guidance, regulatory compliance
Join us and Elizabeth Khalil, Partner of Dykema Gossett PLLC. She discusses how third-party risk has evolved, UDAAP risk, the need for vendor management from fintech companies, how defining responsibilities eliminates gaps, why efficient ongoing monitoring is key and more.
regulatory guidance, compliance, oversight management
Venminder sat down with Suresh Ramakrishnan, SVP of Ascendum Solutions, for an interview on third-party risk management best practices and how outsourcing (if managed correctly) can provide greater efficiencies, reduce your workload and help with cost management.
Download this infographic for 9 steps for developing an effective program, the importance of analyzing due diligence docs and contract management and more.
vendor management, effective vendor management program, program building, building a program
What makes a third-party risk management plan successful? Listen to learn 9 best practices and key components of a well-managed third-party risk management plan for you to implement now.
Here are daily vendor management regulatory compliance efforts you can implement in order to keep up with third-party risk regulatory reform.
When reviewing and negotiating critical vendor contracts, consider many elements. Here are 5 key provisions to give special attention.
vendor management, contract management
Listen to this podcast for what you need to know about UDAAP (Unfair, Deceptive or Abusive Acts or Practices), how they affect your third-party risk management program and items the CFPB is highly critical of.
vendor management, regulatory guidance, regulatory compliance
The best way to prepare for new regulatory guidance, how to stay in compliance and some commentary on new regulations taking effect in 2018.
Learn about 'bucketing your vendors' - a high level vendor classification system that can help you with third-party oversight, ongoing monitoring and preventing problems down the road. We'll also tell you how to develop buckets of your own.
ongoing monitoring, due diligence
The best strategy for preparing for an examination is to constantly be ready. Listen to learn 7 items you should have in your examination preparation playbook.
How to identify all your vendors, essential steps of vendor management, prioritizing vendors according to risk level and why fourth parties are important.
what is vendor management, what is third-party risk management, vendor risk management meaning, vendor management definition
Download this infographic for 4 tips to help you avoid an enforcement action, 6 top websites for legal analysis, 2 Q's to ask when reviewing enforcement actions.
regulatory guidance, regulatory compliance, vendor management, enforcement actions
Learn what regulators & senior gov officials in financial services had to say on creating a culture of compliance, why they strongly recommend it and what this entails.
Download this infographic for who should decide and who should approve, why you should not simply accept a boiler plate contract and taking your new vendor through a risk assessment.
vendor management best practices, third-party risk best practices, best practices in tprm
Learn what info to include in board reports, the frequency and format, the appropriate materials to provide in your board reporting package with this infographic.
Listen to learn the basics of the third-party risk management framework, including how it relates to enterprise risk management (ERM).
13 best practices for managing contracts that you won't find in the FFIEC handbook, where your contracts should be stored and why SLAs in contracts are so important.
contract management, best practices vendor contract, vendor contract best practices, contract best practices
Learn what the scope of a vendor's SOC report means and where to find it along with what typical audit periods are and a few questions to ask yourself while reviewing the narrative.
How you should prepare for an exam ahead of time, who's responsible and our expert tips for the examiner's arrival.
vendor exam, notice of exam, vendor management exam, prepare for exam
Improve your vendor risk management program, what requesting one means, what to do if your vendor won't give those reports to you, another way of obtaining the reports.
due diligence items, vendor manager due diligence, vendor manager
Prepping for an audit is stressful, especially if you're scrambling last minute to finish vendor management tasks. In this 90-second podcast, learn 8 steps to help you prepare in advance.
In this 90-second podcast, we cover the three most important reasons why you need to keep third-party risk workflows separate from other business processes.
In this podcast we’re going to discuss 4 important vendor risk management frequently asked questions for beginners to help get you started. The questions include: what vendor risk management is, why it’s important, who is involved and how vendor risk is completed.
How to work with overseas vendors and give them special attention, whether they're a third-party or fourth-party.
We'll discuss fundamental best practices of third-party risk management that you need to implement such as education, tailored ongoing monitoring, outsourcing and not cutting corners.
Venminder was honored to be joined by David Stevens, President and CEO of the Mortgage Bankers Association (MBA). Listen to this interview for discussions on data security, cybersecurity, lessons learned from the housing crisis, the CFPB relation to regulatory compliance and much more.
This Venminder interview drills down into a specific vendor type - the appraisal management company (AMC) and appraisal management software. With Shane Martin, EVP of InHouseUSA, we discuss the specific areas of third-party risk to pay attention to when using an AMC as fourth-party vendor.
What the 3 pillars are, how they help you mitigate vendor contract risk and questions and examples to help guide you.
vendor contract management, vendor contract risk, contract management risk, vendor contracts
Our in-house third-party risk experts can help determine if your vendor's operational and regulatory compliance is satisfactory.
4 key elements in every disaster recovery plan and why you should care about your third parties' disaster recovery preparedness.
disaster recovery, vendor disaster recovery, disaster recovery planning, vendor management, DR, TPRM
Do you know if they have appropriate measures in place and a plan of how to handle business impacting events with you?
Successful vendor risk management starts with knowing who your vendors are. Learn how to create, handle, manage and keep your vendor list and process current.
vendor management, third party risk management, vendor management handbook, risk management handbook
Contract management best practices, summarizing key guidance expectations from regulators and common issues and consequences.
vendor contracts, contract managements, vendor contract management, third-party contract, third-party contract management
Step by step, you will want to check every box to ensure items such as risk, expected outcomes and regulatory requirements have all been properly addressed.
You report the vendor's financial health to senior management and board. What happens when the financial health is poor? We will go over the domino effect, the issue in the industry and what you can do about it.
Ensuring your critical vendors can survive in disaster helps ensure your financial institution can also survive. Learn what Business Continuity & Disaster Recovery plans are & how our team reviews them.
To help you and your team avoid any misunderstandings, we've put together a list of 10 most common assumptions we've seen in the vendor management process.
To join in the fun of St. Patrick's Day every year, we've put together a simple infographic on the basic principles of a successful vendor management program.
Even though each vendor agreement includes different contractual terms, 5 security and confidentiality provisions should always be addressed. Let's go through them.
cybersecurity, information security
An ounce of prevention is worth a pound of cure! Perhaps there is no better example than in third-party risk management. Here are 3 ways you can be proactive to prevent problems.
issue management, ongoing monitoring, oversight, due diligence
Download our sample vendor business continuity plan review and feel free to use it as a guide for doing your own or contact us if outsourcing this type of work is right for you.
It is essential for the future success of your third-party risk management program to continue to make necessary updates. These 6 steps and best practices will help get you started.
due diligence, ongoing monitoring, oversight management
Learn the key takeaways from important third-party risk regulatory guidance released by the OCC, FDIC and FFIEC from our compliance expert.
Check out our latest third-party risk blog posts that you may also find helpful.
Nov 28, 2023 by Hilary Jewhurst
You may have encountered the term banking as a service (BaaS), but don’t know precisely what it means or how it relates...
Nov 23, 2023 by Venminder Experts
Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
Nov 22, 2023 by Hilary Jewhurst
Happy Thanksgiving fellow third-party risk management pros! Before you gather around the table with family and friends,...