Service level agreements (SLAs) are written into the contract to define the expectations of vendor performance. In today's Third Party Thursday, we'll go through some SLA best practices to help you better manage your vendor risk.
Sometimes it's important to point out where pitfalls in third party risk management can occur and how to prevent them from happening. Today we're going to cover six specific hazards of an incomplete or inefficient due diligence process.
Even though you don't have a direct contractual relationship with your fourth parties, you still need to conduct proper due diligence on each and every vendor. In this video, we'll cover how to go about that by using your third party and what to include in vendor contracts.
There are a few scenarios that would warrant an external review of your vendor management program. Watch to learn when you should seek an external review of your third party risk audit.
New enforcement actions usually come in the form of a CFPB action surrounding UDAAP - use them to your advantage. Watch to learn how to use one to make your vendor risk management program more efficient.
There are a number of vendor management related disciplines you need to do really well to have a strong vendor management program, but there are 3 elements in particular that create a strong foundation.
An SLA is a written contract between your company and a third party that describes the level of service required. A model SLA should include these 7 items; watch Third Party Thursday to learn what they are.
Creating a basic checklist is the key to streamlining your third party due diligence process. Listen to learn the items that should be obtained from EVERY vendor, tips for customizing your approach and more.
Third party risk management is a focus for financial institutions. However, they're not the only ones that should be concerned with it. Third party risk management can positively impact any company's resources, cost, etc.
Regardless of how mature your current contract management system is, these 10 vendor contract management best practices can help mitigate third party risk. Ensure you're doing them.
Learn what examiners expect regarding vendor contract management straight from third party risk guidance on contract negotiation. Watch as we cover OCC Bulletin 2013-29 & 2017-7.
Watch this video to learn about vendor contract management regulation, tips and ideas. Standardize and improve your contract approach for third party risk.
Learn the 7 key components you need for a good vendor management program. Do you have these in yours yet? If not, it's time to consider some changes.
Learn 10 best practices that good vendor managers use to take care of their institution's third party risk and stay compliant. You should incorporate these into your program.
Learn the how, when and why of using vendor information security questionnaires for your third party risk management and how your due diligence process can benefit from it.
In this video, you'll learn how your vendor's approach to the CIA triad of information security impacts you and your customers. Being aware will help you guard against third party risk.
Learn what the scope of a vendor's SOC report means and where to find it along with what typical audit periods are and a few questions to ask yourself while reviewing the narrative.
We’re going to talk through a few key things you need to know about vendor management risk assessments for your institution's third party risk management program.
We’re going to talk through the 10 main steps you need to take to create your proper vendor list for your third party risk management program at your institution. Let's get started.
You may have heard the term “three lines of defense”. But, what is a three lines of defense strategy? We'll go through those three lines of defense you have for vendor management at your financial institution.
We often get asked, "Is there a difference between an ERM and VM?" The answer is “YES” – they are different, but there are some areas of overlap as well. Learn about what some of the differences are.
Third party risk management must flow in a lifecycle. We'll discuss how it's a constant evolutionary process rather than an annual static event - a core aspect that you should incorporate into your program.
We'll discuss fundamental best practices of third party risk management that you need to implement such as education, tailored ongoing monitoring, outsourcing and not cutting corners.
You have to do a lot for your third party risk management now... but why? We'll go through a few reasons for the increased third party risk management regulation and concern.
Even though each vendor agreement includes different contractual terms, 5 security and confidentiality provisions should always be addressed. Let's go through them.
When a third party company doesn't provide financial documents we tend to think there's nothing we can do. But actually, there is and we'll show you that alternate path in this video.
Learn what Complementary User Entity Controls are, how they're related to SOC reports, what you do with them, why they're important and more.
The Cloud has many benefits, but like everything, there are risks you need to consider. Protecting your institution’s data is ultimately your responsibility so you should know how your vendor safeguards it.
Ensuring your critical vendors can survive a disaster helps ensure your financial institution can also survive. Learn what Business Continuity & Disaster Recovery plans are and how our team reviews them.
When reviewing and negotiating critical vendor contracts, consider many elements. Here are 5 key provisions that deserve special attention.
You report the vendor's financial health to senior management and board. What happens when the financial health is poor? We will go over the domino effect, the issue in the industry and what you can do about it.
Do you know the difference between a critical and a non-critical vendor? Learn about defining them for your financial institution. We'll cover why it's important, the business impact, exit strategies and more.
You must define specifically who will be a part of your third party risk management program and also, equally important, who is out.
So, what can you do right now in preparation for next year? There’s actually quite a lot, depending on the maturity of your third party program. Watch this video to learn what you can do now to prepare for 2017.
With all the vendor management industry changes and guidance updates, it's easy to get overwhelmed. In this video, we will talk about basic vendor management best practices to implement.
We're very excited to announce this new video series. Join Branan as he explains what Third Party Thursday is, why we started this video series and how to stay up-to-date with the latest videos.