For every third party you choose to do business with, there is foundational risk even if it’s only reputational. Therefore, step 1 in every new relationship should be doing the necessary research to know your vendor, meet regulatory requirements and protect your reputation.
The contract review and summary is performed by our own in-house paralegal staff. We’ll review your vendor contract from top to bottom and produce a comprehensive report calling out provisions that both you and the examiners will care about.
The Venminder team will gather a comprehensive set of documents on behalf of your financial institution to include audit reports, financials, business continuity plans, security testing results, policies, insurance certificates, etc.
The SSAE-16/SOC II report covers controls in place to insure security, availability, processing integrity, confidentiality and privacy. These reports contain controls implemented by the vendor and also those required to be implemented by the customer in order to complete the control structure.
BCP Documentation Analysis and Executive Level Summary
The Business Continuity analysis, performed by our on staff CISSPs, is an in-depth look at the business continuity plans for your vendor product, including testing results and client-side requirements.
A Complete Information Security Review provides a deep overview of controls for the following areas: security, availability, processing, integrity, confidentiality, privacy, incident response/breach management, examination reports, financial review, compliance risk, business continuity/disaster recovery, third party vendor management, strategic risk, reputational risk, and insurance, collection of all relevant documents and contract review/summary.
The Cybersecurity analysis, prepared by Venminder staff CISSPs, will cover the 5 most critical elements of your vendor’s Cybersecurity preparedness as it relates to the product or service you buy from them.