Summer Regulatory Summit eBook
6. Vendor Management Program
CONTROL
o Does the Organization have a documented Vendor Management Program regarding the acquisition of new IT assets or vendors?
o Does the Program include the ongoing oversight of third parties and service providers?
o Does the Program specifically address risk levels, due diligence required for each, review frequency, contract review processes, and other critical information?
GUIDANCE
o Interagency Guidance on Risks Associated with Third-Party Relationships (June 2023)
o FFIEC Cybersecurity Assessment Tool
o FFIEC Booklets
© SBS CyberSecurity, LLC www.sbscyber.com