Third Party Thursday - June 27, 2024

As June concludes, it's a great time to catch up on this month's industry news, educational resources, and community happenings. Check it out below.

Neiman Marcus confirmed it was impacted by the Snowflake data breach and Advance Auto Parts expects its third-party breach to cost about $3 million. The restoration process has begun after a third-party ransomware attack impacted car dealers. A U.S. agency confirmed a data breach through a third-party software vulnerability and a Singapore company experienced a third-party breach through its customer relationship management (CRM) platform.

An Italian court said fashion brand Dior failed to oversee subcontractors’ practices. An analysis from the Federal Reserve said third-party climate models lack transparency. Financial institutions are looking for new strategies to monitor third-party risks. As the Digital Operational Resilience Act (DORA) approaches, financial entities are reviewing third-party contracts for compliance. See all of this week’s news below.?

Read More

Infographic:?9 Steps to Complete the Vendor Risk Assessment Process

Blog: Cloud Service Provider Breach: Lessons Learned From the Snowflake Attack

Blog: Meeting HIPAA Third-Party Risk Requirements

Blog:?Best Third-Party Risk Management Platform Features

On-Demand Webinar:?The Vendor Due Diligence Process: End to End

Press Release:?Venminder Announces Free Third-Party Risk Management Industry Regulations Library

Video: How to Manage Third-Party Risk

Additional Resources:

• Toolkit: How to Report Third-Party Risk Management Activity to the Board
• Blog: Financial Institutions Facing Third-Party Risk-Related Regulatory Enforcement Actions
• On-Demand Webinar: Vendor Complementary User Entity Controls (CUECs): What They Are and How to Use Them to Protect Your Organization
• Blog: The Human Factor: Preventing Third-Party Social Engineering and Phishing Attacks
• On-Demand Webinar: How to Read and Review a Vendor SOC Report: A Report Walkthrough
• eBook: Guidance on How to Master Third-Party Risk Management in 2024
• Blog: Meeting the Third-Party Risk Standards of NIST 800-53
• Blog: Determining Third-Party Risk Management Metrics for Cloud Service Providers
• Infographic: When and How Often to Perform Vendor Due Diligence
• Blog: What to Include in Vendor Contract Templates
• Blog: Federal Agencies Release Third-Party Risk Management Guide for Community Banks
• Press Release: Venminder Unveils AI Driven Breakthroughs in Third-Party Risk Management
• On-Demand Webinar: Assessing Vendor Risk: A Deeper Dive

View All Resources

Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit?www.thirdpartythinktank.com to register and sign in.

• Risk Assessment Questionnaire for High-Risk Vendors: "Would anyone be willing to share their risk assessment questionnaire for high-risk vendors?" Help Answer
• Statement of Work (SOW) Risk Assessment: "How are you assessing risk at a SOW level? How can my organization roll this out to assess all our SOWs? Is there a simple template anyone can share?" Help Answer
• Report of Examination: "We were notified by an email from FDICConnect that one of our significant service providers had a number of Examination Concerns Requiring Attention (ECRAs). We've inquired with the vendor and they provided us with memos explaining what they've done with each ECRA. Many of them have been closed and some are in progress. How do we validate what they tell us?" Help Answer

Third-Party Risk Management Reports: Right Data, Frequency, & Content

For many, it's a regulatory requirement to report TPRM to your board and senior leadership. It can be a cumbersome task to gather all reports that need to be provided to various departments. In this session, we'll walk you through the basics of TPRM reporting, what should be included, and more.

July 9, 2024 | Basic | 2pm ET | Register Now

Vendor Onboarding: Starting Vendor Relationships Right

The onboarding process is the crucial first step in any vendor relationship, as it sets the foundation for managing the vendor and their risks throughout the partnership. But, what are the key components of an effective vendor onboarding process? Join us for this informative webinar to learn all about vendor onboarding.

July 11, 2024 | Intermediate | 2pm ET | Register Now

Vendor Exit Strategies and Plans: Managing the Offboarding Process Safely and Effectively

Vendor relationships can end for many reasons. Maybe your organization's needs have changed and you're looking for a new vendor who better aligns with your strategic goals. In this session, we'll discuss vendor exit strategies and plans.

July 23, 2024 | Intermediate | 2pm ET?| Register Now

Blog: Black Kite - The Greatest Security Risk Might Be Your TPRM Program Itself

Blog:?Owlin - Adverse Media Monitoring: Mitigating High-Risk Vendor Risk Exposure for Banks

eBook:?Osano - U.S. Data Privacy Laws: A Guide to the 2024 Landscape

Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.