Everyone from regulators to insurers wants to know (and see) how we are managing third-party vendor risk. All organizations, regardless of size, utilize third-party providers to assist them in their day-to-day operations. Now more than ever, we must ensure the providers we choose take security seriously and will do everything possible to protect sensitive information. This presentation will outline some of the critical components for organizations to address when evaluating their vendor risk management programs. This will include:
- Developing a Policy – A vendor management policy outlines the controls in place to assess your risk related to your third-party service providers as well as the steps necessary to mitigate your risk.
- Building a Program – A vendor management program provides you with a framework that you can use to effectively risk assess and risk rank your vendors. The program will assist with establishing timeframes for the review of vendor contracts (both prospective vendors and renewals), and steps to take for due diligence with new vendors.
- Assessment – By assessing the risk vendors pose to our institutions, we can establish and implement controls to understand what risks are present, as well as a detailed remediation strategy to mitigate that risk.
- Provide vendor management policy examples and templates to help the audience to manage and mitigate their risk related to third-party service providers.
- Help the audience to establish timeframes for the review of vendor contracts (both prospective vendors and renewals), and steps to take for due diligence with new vendors.
- Align vendor risk assessments to controls to mitigate risk.