Third Party Thursday - December 12, 2024

The holiday season is in full force! Take a few minutes out of your busy day to check out the latest vendor risk management news, educational resources, and much more below!

A resilient third-party risk management program keeps your organization protected from risks like software supply chain attacks. One agency predicted supply chain attacks will intensify in 2025. A successful vendor management program requires buy-in internally and clear expectations.?

Strategies like due diligence and continuous monitoring help manage growing third-party risks. Requiring third parties to disclose critical fourth parties in the contract helps mitigate fourth-party risks, too. Build a framework that outlines processes for how third-party oversight is completed. Check out this week’s third-party risk management news here.?

?Read More

On-Demand Webinar:?Third-Party Risk Management Regulations to Know to Protect Your Organization

Holiday eCard: Happy Holidays from Venminder!

Blog:?What Is a Vendor SIG Questionnaire?

Infographic: 3 Vendor Financial Statements to Review

Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit?www.thirdpartythinktank.com to register and sign in.

• SOC 2 for Third-Party Provider: "If you vendor (i.e. ABC Company) sends a SOC 2 report for who they use (i.e. Amazon Web Services), and ABC Company does not complete a SOC 2 report themselves, what steps do you take to ensure they have adequate controls in place?" Help Answer
• CCPA/CPRA Compliance: "I am looking at guidance and perspective from financial institutions that have branches in California that may not necessarily have their main/home branches in that same state. This pertains to programs, policies, and processes when it comes to how your organization handles CCPA/CPRA requirements and your vendors." Help Answer
• Incomplete SIG Questionnaires Due to Macro Blocking: "We have noticed that on several occasions, organizations have returned the SIG questionnaire to use incomplete. This is due to their organization blocking or disabling files that contain macros. I am curious on other have been handling similar instances." Help Answer

Managing Third-Party AI Risk: What You Need to Know Today (hosted by Ncontracts)

AI is slowly transforming banking. Everything from the customer experience and competition to the back offices. This session examines AI from a risk and governance perspective, highlighting policies supported by risk assessments.

December 18, 2024 | 1pm CT?| Register Now

Fourth and Nth Parties: What You Need to Know to Effectively Manage Your Extended Third-Party Ecosystem

In this session, we provide helpful information to assist you in identifying, assessing, and managing fourth- and nth-party risks. We focus on strategies and tools that organizations can use to enhance visibility to their extended third-party ecosystem.

Watch Now

The Third-Party Risk Management Lifecycle: Managing Vendor Risk From Start to Finish

The lifecycle provides a clear roadmap for executing risk identification and management activities in the right order and at the appropriate time within each stage of the relationship.

Watch Now

Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.