Blog

Organizations outsource critical functions like technology and security solutions. The benefits of outsourcing are attractive. However, there are also inherent risks involved with outsourced services.

Risks associated with vendors who support an organization's technology and or/ security solutions include cyber-attacks, Wi-Fi attacks, DDoS attacks, third-party attacks and more. There are also possibilities of a data breach. Such risks can damage the organization's reputation and cause financial l

ISACA, a leading nonprofit organization dedicated to the development, adoption, and use of industry-leading information security knowledge and best practices, opened up its 50th anniversary celebration this year with their 2019 North America CACS Conference. I was fortunate enough to be invited to speak to the more than 1,500 cybersecurity professionals in attendance about how to operationalize their cybersecurity programs and turn policy into action.

The North America CACS Conference is the prem

Your stand-alone third-party risk management platform delivers significant value by centralizing risk-related processes, standardizing workflows, and capturing key documentation for due diligence and regulatory compliance. 

But your third-party relationships don’t exist in a vacuum. By integrating your platform with other systems, you can augment your risk management process with richer data and extend its reach across your business — without increasing your workload.

Read Automated Integrations f

What’s worse than a vendor that suffers a data breach that exposes your sensitive customer information? The answer: A vendor that waits almost six months to tell you about it.

That’s the issue that both Sears and Delta Air Lines are facing after a malware attack on each of the company’s online chat services vendors. Hundreds of thousands of customers’ payment information was accessed, including payment card account numbers, expiration dates, names, and addresses, reports Gizmodo. Sears and Delta

Don’t assume you’re immune from this European regulation with huge fines

All may be relatively quiet on the regulatory front in the U.S., but this May new privacy regulations are taking effect in the European Union, which will likely impact even the most provincial U.S. financial institutions.

The E.U.’s General Data Protection Regulation (GDPR), approved in April 2016, is much broader than the U.S.’s most well-known privacy regulations, the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance P

There may be 50 ways to leave your lover, but when it comes to ending a relationship with a vendor there’s really just one path to follow: the documentation in your service level agreement (SLA).

Financial institutions find themselves ending vendor relationships for many reasons. Sometimes the relationship is great, but the product or service no longer meets the institution’s needs. Maybe another vendor is just better. Or maybe the vendor wasn’t meeting expectations.

The Contract

Regardless of t

With the General Data Protection Regulation, the EU is taking privacy very seriously. They expect the same from you – and your third parties. How are you preparing your Vendor Risk Management program to handle these sweeping changes?

Join ProcessUnity for a 45-minute webcast on Wednesday, April 18, 2018 at 11:00 AM EDT and see how forward-thinking organizations are incorporating GDPR best practices into Third-Party Risk processes. Our team of experts will:

• Outline GDPR requirements as they pertain

There is temptation in the world of management. With regulatory scrutiny increasing and cost a concern, free vendor management checklists seem like an easy solution. But is that free checklist going to cost you down the road?

My experience says yes.

Free vendor management checklists are a disaster waiting to happen. From misclassifying vendor risk and misallocating resources to failing to provide an actual process for execution, vendor management checklists lack the nuance needed to help an instit

To contract a vendor is to initiate a relationship: when you don’t know who you’re really dealing with, you expose your enterprise to risks that can have enduring consequences.

Join ProcessUnity’s 45-minute webcast on Thursday, February 15, 2018 at 11:00 AM EST and see how forward-thinking organizations are modernizing their vendor onboarding process.

Our team of experts will discuss how to:

• Eliminate time-intensive admin steps to create vendor information
• Streamline onboarding processes by engaging

As you likely know, GDPR (the EU’s new General Data Protection Regulation) takes effect in May 2018. Are you ready? If your organization stores or processes EU citizen or resident personal information – any information that can be used to directly or indirectly identify someone – you need to know about GDPR.

But did you also know you that you are responsible for the personal data managed by your third-party vendors? Enterprises are responsible for the EU personal data managed by their own third p

https://www.onspring.com/blog/7-vendor-management-tips-for-startups

Does your organization rely on vendors or other third parties? In the likely event that it does, are your vendor management processes as thorough as they could be? When performing risk assessments of both current and prospective vendors, it’s difficult to ascertain that every variable has been accounted for. This is especially true for organizations like food and beverage companies; they receive ingredients that, if contaminated, can have serious (and sometimes fatal) effects on consumers.

The Fr

This past April, an Air Force reconnaissance airplane caught fire. At the time, 27 airmen were on the plane, and all their lives were put in danger. What went wrong and caused this costly error? According to U.S. Air Force investigators, the mistake traces back to an error in vendor management. In this case, a vendor failed to properly secure an oxygen tank, resulting in a “highly flammable oxygen-rich environment that ignited.”

Findings also indicate that problems with the military contractor ma

Interview with Aretina Trepczyk, Vice President, Enterprise Risk Manager at Umpqua Bank

The increased regulatory pressures on third party vendor risk have increased focus on this key area of operational risk. And, despite institutions implementing changes to their third party risk strategies, many programs still need to be optimized and enhanced to ensure strong due diligence of vendors and minimize the risk exposure to the enterprise. Institutions need to incorporate their third party risk stra

What the Great Wall of China can teach us about Vendor Risk Management

A vendor risk management approach is all about creating centralized standards that transcend business silos, which is very different from the approach taken in traditional vendor management software. Vendor management needs tools with a risk-based approach to overcome their difficulty of objectively putting the vendor compliance pieces together across legal, purchasing , security reviews, and accounts payable silos for contrac

Risk assessments are plagued by subjectivity which means they simply cannot be relied upon to meet their objective. Subjectivity prevents risk assessments from being used across business silos and makes verification by audit or compliance review impossible. Subjectivity can be overcome by using a risk assessment template framework with the following best practice attributes:

1. Adopt a uniform numerical scale -Use a scale of 1 to 10, Scoring is based on a scale from 1 to 10, with 10 having the most