Learning how to successfully negotiate a vendor contract is a valuable skill to include in your vendor risk management (VRM) program. Vendor contract negotiation is designed to create a mutually beneficial relationship between both parties, while also protecting your organization from vendor risk ..read more

Technology vendors, such as data centers, cloud service providers, and credit card processors, must be assessed as part of an organization’s overall third-party risk management (TPRM) program. A third-party vendor’s SOC 2 report is an essential due diligence element that reveals details about a vendor’s control environment related to one or more of the five Trust Services Criteria – security, availability, processing integrity, confidentiality, and privacy ..read more

On July 9, 2024, the Basel Committee on Banking Supervision (BCBS) released their proposed consultative document, Principles for the Sound Management of Third-Party Risk, intended for large, internationally active banks and their prudential supervisors, as well as smaller banks and authorities in all member countries. The principles create a common baseline for managing third-party risks, while allowing flexibility to accommodate evolving practices and regulatory frameworks ..read more

If you’ve ever been intentional about setting personal or professional goals, you may be familiar with the criteria known as S.M.A.R.T. Specific, measurable, achievable, relevant, and time-bound goals are more likely to be achieved than those which are vague, unrealistic, and open-ended. Measuring goals is particularly important because it provides concrete data on the progress made towards your objectives ..read more

Commercial real estate brokers face a significant concern when it comes to third-party relationships – vendor risk. Given the industry's nature, brokers often rely on various vendors, such as real estate appraisers, inspectors, and title companies. These partnerships can expose brokers to potential risks that can jeopardize brokers’ operations, finances, and reputation. A well-designed vendor risk management (VRM) program is crucial for commercial real estate brokers to safeguard against these inherent risks ..read more

Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below ..read more

The concept of independence has been a significant aspect of human history and culture. It pertains to the ability of individuals or groups to make their own decisions and act freely, without being influenced or controlled by others. In July, we often commemorate the courageous actions taken by people in history to gain their independence. The signing of the Declaration of Independence in the U.S. and the storming of the Bastille in France are two examples of such events that were born out of a desire to break free from oppressive rule and achieve self-determination ..read more

Third-party risk management (TPRM) involves a wide range of activities, tasks, and stakeholders to identify, assess, mitigate, and monitor the risks associated with third-party relationships. This includes conducting risk assessments, due diligence, reviewing third-party documentation, contract reviews, monitoring, and periodically re-evaluating the relationship. Many organizations have turned to third-party risk management software platforms to help organize and streamline the workload. While these platforms can offer invaluable resources and features, selecting the right one for your organi ..read more

Certain industries, like finance and healthcare, are at a higher risk of data breaches because they deal with vast amounts of sensitive information. While the finance industry has its own standards for protecting consumer data, healthcare organizations must follow expectations outlined in the Health Insurance Portability and Accountability Act (HIPAA ..read more

If your organization relies on a cloud service provider (CSP), the recent Snowflake data breach has likely created significant concern. As many as 165 Snowflake customers have been impacted by the data breach, which may include hundreds of millions of personal records. Even if your organization wasn’t directly impacted by the breach, it’s important to take note of the incident and consider whether your third-party risk management (TPRM) program is prepared to respond. This involves ensuring that your third-party CSPs are following best practices to keep data safe and secure ..read more