Virtual Cyber & Technology Risk Management Forum

• What does regulation require us to do?
  o Vendor Risk Assessment
  o Vendor Selection
  o Contract Review
  o Due Diligence
  o Review Critical Vendors Going Forward
• Documentation to review: Compliance-based VM
  o Contracts
  o Financials
  o BCM/IRP documentation
  o SLAs
  o Audit/Testing results
  o Determine if the vendor is a foreign service provider
  o Determine if the vendor uses subcontractors
  o Determine how you might terminate the relationship

© 2020 SBS CyberSecurity, LLC www.sbscyber.com
