Compliance Guru® Logo
  • Ask the Guru
  • The Guru SpeaksPlaces I’ve recently been published: White Papers: Enterprise-wide Recovery – The Business Impact Analysis,  A Guide for Senior Management (available for download at the Resources page) Disaster Recovery and Strategic Planning – Aligning Policy, Procedures and Practices (available for download at the Resources page) Publications: Florida Banking Resource Guide 2010 – Risk and Recovery:  A Cost Analysis Methodology Bank Fraud and IT Security, April 2010 – Reducing Risk through Effective Disaster Recovery Planning
  • About

  • Vendor Management in 3 Parts. Part 3 – Risk Management (or, “can we or can’t we?”)

    The last step in the vendor management process is to manage, or control, the risk that was identified in step 1, and assessed (as inherent risk) in step 2.  Controlling risk is defined as applying risk mitigation techniques (or “controls”) to reduce risk to acceptable levels  It’s important to understand that risk can never be completely eliminated, […]

    December 2, 2014

  • Vendor Management in 3 Parts. Part 2 – Risk Assessment (or, “will they or won’t they?”)

    In Part 1 I said that vendor management, just as any other risk management endeavor, consists of 3 basic phases; Identify the risk Assess the risk, and Control the risk I also discussed why risk identification was a more difficult task today because of the “access to data” question, and also because “data” includes not just NPI, but confidential […]

    November 18, 2014

  • Vendor Management in 3 Parts. Part 1 – Risk Identification (or, “do they or don’t they?”)

    Service provider oversight (aka vendor management) is undoubtedly the hottest hot-button item on the regulator’s agenda right now, and for good reason.  For one thing, regulators know that the vast majority of financial institutions outsource at some point, in fact recent studies put the number of FI’s that either transmit, process or store information with […]

    October 14, 2014

  • The OCC Sets a New Standard for Vendor Management…

    …but will it become the new standard for institutions with other regulators?  UPDATE – The answer is yes, at least for the Federal Reserve.  Readers of this blog know that I’ve been predicting an increase in vendor management program scrutiny since early 2010.  And although the FFIEC has been very active in this area, issuing […]

    November 5, 2013

  • Windows XP and Vendor Management

    The FFIEC issued a joint statement recently regarding Microsoft’s discontinuation of support for Windows XP.  The statement requires financial institutions to identify, assess, and manage the risks of these devices in their institutions after April 8, 2014.   After this date Microsoft will no longer provide regular security patches or support for this product, potentially leaving […]

    October 25, 2013

  • Examination Downgrades Correlated with Poor Vendor Management

    According to Donald Saxinger (senior examination specialist in FDIC’s Technology Supervision Branch) in a telephone briefing given to the ABA in
    Read the rest of the article

    February 25, 2013
1 2 3 … 12
Next Page→

Compliance Guru

© 2023 Safe Systems, Inc. All rights reserved.