We published over 150 blogs this year—many dealing with the latest third-party vendor management trends, enforcement actions, and best practices.
Now with the year coming to a close, we’ve gathered 10 of our top third-party vendor management posts for you. From the basics to more in-depth discussions of vendor management solutions, we’ve got you covered.
Did one of your critical third-party vendors need Paycheck Protection Program (PPP) funds?
That’s the question everyone is asking since the Small Business Administration (SBA) released the list of businesses that took PPP loans. (The Washington Post’s PPP searchable database includes companies that borrowed more than $150,000.)
Needing an emergency loan to ensure ongoing operations says a lot about a company’s financial condition and strength.
2. First, Second, Third, Fourth and Fifth Parties: How to Measure the Tiers of Risk
Everyone knows that third-party relationships introduce risk. But what about second parties, fourth parties, and beyond?
Let’s take a quick look at first, second, third, fourth, and fifth parties to understand who they are and the potential risks they pose.
You know SOC 2 reports are a great vendor management tool, but are your critical vendors’ SOC 2 reports telling you everything you need to know about how well they protect your data?
Not necessarily. It depends on which report you are getting. Read on to find out:
What Is A SOC 2 Report?
How Does A SOC 2 Report Help with Vendor Due Diligence & Vendor Management?
Avoid This Critical SOC 2 Mistake
What If A Critical Vendor Doesn’t Have a SOC 2 Report?
Last August Capital One got in trouble when a former Amazon Web Services employee hacked into one of its databases and accessed the data of 100 million Americans and 6 million Canadians, including names, addresses, zip codes/postal codes, phone numbers, email addresses, birthdates, income, credit scores, and payment history. The breach went on for three months before the bank was tipped off by an anonymous email.
What went wrong? While initial speculation suggested a vendor management flaw since the perpetrator had been an employee of the vendor, it turns out weak risk management is to blame, the OCC says.
In 2016 Morgan Stanley closed two data centers. The bank hired a vendor to remove its data from the decommissioned computer equipment. Morgan Stanley later learned that some of the machines still contained some unencrypted data—a fact the Office of the Comptroller of the Currency (OCC) made the bank share with customers in a letter earlier this summer.
Now Morgan Stanley is on the hook for a $60 million civil money penalty from the OCC for vendor management that potentially exposed sensitive customer data. The bank also faces seven class-action lawsuits accusing it of negligence.
Where did the vendor management lifecycle break down? Read on to find out.
People like to joke about the amorphous nature of “the cloud.” It’s neither here nor there but also everywhere.
While the cloud may seem mysterious to the layperson, there shouldn’t be anything secretive about your third-party vendors’ cloud use. If your vendor is housing any of your client or sensitive data on the cloud, you need to know about it.
The directive came from on high, and there is no escaping it: You are responsible for your institution’s vendor management process.
You’ve seen the guidance. You know it’s a big job. But where to begin?
Take a deep breath, let it out, and allow me to be your guide through the vendor management process.
8. 5 Features Every Vendor Management Software Solution Should Have
When properly constructed, a vendor management software solution is a tool that guides an institution through managing third- and fourth-party vendor risk. It organizes existing processes and documentation while offering insights into improving vendor relationships and policies.
It’s more than a storage center for contracts. It’s an expert system that uncovers insights into vendor agreements and simplifies the due diligence process so that an institution can focus on the most high-level, big-picture issues.
Here are the top five features to look for when selecting a vendor management software solution:
9. How to Break Up with Your Vendor
There may be 50 ways to leave your lover, but when it comes to ending a relationship with a vendor there’s really just one path to follow: the documentation in your service level agreement (SLA).
Financial institutions find themselves ending vendor relationships for many reasons. Sometimes the relationship is great, but the product or service no longer meets the institution’s needs. Maybe another vendor is just better. Or maybe the vendor wasn’t meeting expectations.
Regardless of the reason, your SLA is your break-up guide.
10. 8 Vendor Management Practices Examiners Are Looking For
Regulators recognize that third-party vendors play a critical role in delivering products and services and take compliance with vendor management regulations very seriously. What are they looking for? Read on to find out.