vendor management is typically overseen by one or two people at the financial institution, but actually every employee who outsources services is responsible. Do your colleagues know how to read, review and use SOC and SSAE 18 reports? Can you teach them how to follow these and other important vendor management practices?
In addition to assessing your critical vendors’ IT security controls, you have to look down the line at your vendors as well as your vendors’ critical vendors. Luckily SOC and SSAE 18 reports eliminate that problem for financial institutions that know how to interpret these critical vendor due diligence documents and integrate it into their vendor and enterprise risk management programs.
This webinar will show you and your colleagues the best way to gain efficiencies by helping you:
- Define how these reports scope out inherent risk
- Recognize fourth-party risk
- Understand how SOC and SSAE 18 reports assess the appropriateness of IT security internal controls
- Discover what these report results mean for your bank’s IT security and vendor management
- Devise strategies for analyzing data from longer and more complicated audit reports
- Communicate the importance of these reports to other department heads who may not be adept at risk management processes