IT Examiner School, Palm Springs, CA
For Your Consideration
• Examiners cannot recommend any one vendor or service provider.
• Examiners cannot advocate any particular software application, network administration tool, or similar resource.
• Examiners cannot provide management with a list of possible options.
• It is the financial institution’s responsibility to assess, vet, and determine which solution is appropriate for its needs.
Question: Should a financial institution use a vendor because the parent company uses that vendor?
Vendor Risk Management Process
• The vendor risk management process typically incorporates the following activities:
– Risk assessments and requirements definition
– Due diligence in selecting a service provider
– Contract provisions and considerations
– Incentive compensation review
– Ongoing oversight and monitoring of service providers
– Business continuity and contingency plans