Training

3rd Party Risk Management

Vendor Management Part II: Assessing Vendors - the Do's and Don'ts of Choosing a Third-Party Service Provider

Vendor Management Part II: Assessing Vendors - the Do's and Don'ts of Choosing a Third-Party Service Provider
Banking regulators have turned up the heat on institutions to conduct better due diligence when selecting third-party service providers to manage sensitive data. But how does one determine if a vendor's security practices are truly up to snuff? Register for this webinar to learn through case studies and insights from an industry veteran:
  • How to conduct vendor audits and assessments that meet regulatory requirements;
  • Which vendors to assess and what to look for when assessing vendors for security and privacy practices;
  • A proven process for managing vendor risk.

The entire Vendor Management series:
> Vendor Management Part I: FDIC Explains How to Manage Your Outsourcing Risks
> Vendor Management Part II: Assessing Vendors - the Do's and Don'ts of Choosing a Third-Party Service Provider
> Vendor Management Part III: Inside the BITS Shared Assessments Program

Background

It's been a banner year for Vendor Management.

Since the start of 2008, the banking regulatory agencies have been hammering home the importance of due diligence, relationship management and risk assessment when selecting and contracting with third-party service providers. The National Credit Union Administration was first with its announcement that vendor management would be a top examination topic for U.S. credit unions in 2008. Then came recent bulletins from the Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) which combined oversee roughly three-quarters of U.S. banks.

The common message: A financial institution can outsource a service, but it cannot cede responsibility for the potential risks to itself and its customers.

In Part I of our multi-part series on Vendor Management, we reviewed banking regulations and the various components that go into crafting an effective Vendor Management program. In this session, we tackle the question: How does one truly assess a vendor's operations for security and privacy practices?

Register for this webinar to learn the do's and don'ts of vendor security assessment first-hand from James Christiansen, the former CISO of Experian, General Motors and Visa.

Currently the CEO of Evantix LLC, a provider of eBusiness Risk and Compliance Management solutions, Christiansen has keen insight on what does and does not work in vendor management.

Since the 1990s, banking institutions small and large have rushed to jump on the band wagon of outsourcing. Just since 2001, the outsourcing market has grown from $127B to an estimated $310B in 2008, representing over 40% growth. Unfortunately, risk management practices have not evolved to meet the new demands.

Losses from the breach of sensitive data related to third-party Business relationships - especially electronic ones -- have reached epidemic proportions. These losses and the inherent risk of eBusiness relationships are the driving force behind the wave of new legislation and enforcement that present a material cost to banking institutions.

In this webinar, Christiansen will rely on case studies and his own field experience to answer these key questions:

  • What are the regulatory requirements for assessing vendors?
  • Assessing vendors is expensive! Which vendors should I assess?
  • I outsourced my sensitive information to a vendor, so now it's their problem...right?
  • OK, so if I have to manage all these vendors - how do I start?
  • What are the best practices in managing vendor risk?
  • What should I look for when I do an assessment?

During this webinar, Christiansen will walk through actual case studies, analyzing different business relationships with vendors and showing exactly how a plan for control assessments is carried through.

Webinar Registration

This webinar is available OnDemand.

View Now


Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.