-
The single most important vendor management control
Pop quiz…according to the FFIEC Handbook on Outsourcing Technology Services… “The ________ is the single most important control in the outsourcing process”: Initial due diligence process; Review of third-party audit reports; Contract; Risk Assessment; Vendor’s financial stability. I’ve written before about the importance of the third-party review in the ongoing vendor management process (and how…
-
2012 Compliance Trends, Part 2 – Vendor Management
In my first post in this series, I discussed training (employee and customer) as a good candidate for increased regulatory scrutiny in 2012. Although these posts are in no particular order, I had initially intended to list “Management” as the next trend. However, a comment made to me by a banker at a recent conference…
-
Vendor Management and the SAS 70 Replacement
I’ve written about the replacement for the SAS 70, which officially phases out on June 15th, previously. But because this one report is being replaced with 3 new reports, financial institutions have an additional challenge that they didn’t have before. Your vendor management program must now determine the most appropriate report to request based on…
-
Vendor Management – BITS and Pieces
The effective management of critical vendors is an essential risk control. The FFIEC mentions this several times in their Examination Handbooks, most recently in the “Information Security” Handbook from July, 2006. Although most financial institutions are accustomed to approaching this from their own perspective, i.e. from the serviced side, this white paper will take a…
-
Third-Party Risk Management Final Guidance – An In-depth Analysis
Background: In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM). According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.” In June of…
-
Asset Lifecycle Management
Since both Windows 7 and Server 2008 R2 will reach end-of-life support in January of 2020, many organizations have already made the jump to Windows 10 and Windows Server 2012, 2016, 2019, or Azure. If you have full control over the asset lifecycle management process for your financial institution, you may have already completed this…