IT Examiner School

Service Providers/Vendors

- Perform due diligence when selecting service providers
- Require service providers to comply with the institution's ISP, at a minimum
- Monitor service providers

Board Oversight & Involvement

Proper governance is achieved through management structure and the Board of Directors. Assignment of responsibilities & authority covering the following:

- Central oversight & coordination
- Risk assessment & measurements communicated to board
- Independent monitoring & testing
- CISO reporting
- Defined risk appetite & acceptable residual risk
