-
Vendor Management in 3 Parts. Part 3 – Risk Management (or, “can we or can’t we?”)
The last step in the vendor management process is to manage, or control, the risk that was identified in step 1, and assessed (as inherent risk) in step 2. Controlling risk is defined as applying risk mitigation techniques (or “controls”) to reduce risk to acceptable levels It’s important to understand that risk can never be completely eliminated,…
-
Cybersecurity – Part 2
In Part 1 I discussed the increasing regulatory focus on cybersecurity, and what to expect in the short term. In this post I want to dissect the individual elements of cybersecurity, and list what you’ll need to do to demonstrate compliance on each one going forward. So here are the required elements of a cybersecurity program, followed…
-
5 Keys to Understanding a SOC 2 Report
Although I have written about these relatively new reports frequently, and for some time now, it still remains a topic of great interest to financial institutions. Fully 20% of all searches on this site over the past 6 months include the terms “SOC” or “SOC 2”, or “SAS 70”. Some of this increased interest comes…
