Third Party Thursday - March 28, 2024

This monthly edition is jam-packed! Check out the newsletter for educational resources to help your TPRM program stay in compliance, as well as the latest vendor risk management industry news, upcoming CPE credit eligible webinars, and more. Take a peek below.

A retailer was the victim of a third-party data breach this week, emphasizing the importance of keeping data protected. A new report highlighted the risks of third-party data breaches and there are several best practices to help mitigate third-party risks. Third-party risk management can also be a helpful tool to manage geopolitical risks.

The U.S. Cybersecurity and Infrastructure Agency (CISA) is warning of three actively exploited software vulnerabilities. Another state privacy law is on the horizon and financial regulators are focusing on operational resilience. Due to AI and hybrid cloud, some are saying financial organizations should ensure operational resilience with critical third parties. Read up on all of this week’s third-party risk management news.?

Read More

Blog:?Meeting EU Digital Operational Resilience Act (DORA) Third-Party Risk Requirements

Blog: The Importance of Third-Party Risk Management in a Difficult Economy

Podcast: Risk-Based Due Diligence in Third-Party Risk Management

Additional Resources:

• Infographic: Mitigating Vendor Risk Through Effective Contract Management Practices
• Infographic: OCC Third-Party Risk Management Regulations and Priorities
• On-Demand Webinar: Fourth and Nth Parties: What You Need to Know to Effectively Manage Your Extended Third-Party Ecosystem
• Blog: Third-Party Risk Management Will Be Faulty With a Single GRC System
• eBook: A Business Case for Third-Party Risk Management
• Blog: Best Third-Party Risk Management Practices in Australia to Comply With APRA
• Blog: How to Read Vendor Financial Statement
• Infographic: What to Do If a Vendor Has Weak Business Continuity and Disaster Recovery Plans
• Blog: Third-Party Risk Management Requirements of NIST Cybersecurity Framework 2.0
• On-Demand Webinar: How to Review Your Vendor's Financial Health: A Walkthrough of Financial Documents
• Blog: SEC Climate-Related Disclosure Requirement Highlights and Third-Party Considerations
• Template: Artificial Intelligence Sample Vendor Questionnaire
• Thought Leadership Interview: Rachael Ormiston, Head of Privacy at Osano

Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit?www.thirdpartythinktank.com to register and sign in.

• Risk Mitigation Plans: "Regarding your organization's internal risk mitigation process, what does the workflow look like to inform internal stakeholders on agreed remediation?" Help Answer
• Co-Branded Credit Card Questions: "We're a co-branded credit card where we own the servicing and customer touchpoints. However, our bank partner owns the debt. We're in the process of migrating from a homegrown customer self-service site for things like payment on account, viewing credit card statements, etc., and moving to a third-party vendor of our bank for future customer self-service. The caveat is this vendor is a third party to the bank, not us. We also don't treat the bank as a third-party vendor to us given our agreement. Anyone have suggestions?"? Help Answer
• How Do You Right Size Insurance Requirements for Vendors?: "I'm looking for input for what others do to right size insurance requirements for vendors they do business with? What parameters do you use and how do you determine the amount of insurance coverage that your require the vendor to carry?" Help Answer

The Third-Party Risk Management Lifecycle: Managing Vendor Risk From Start to Finish

The third-party/vendor risk management lifecycle is the foundation for effective third-party risk programs across industries and organizations of all sizes. In this webinar, we'll cover each lifecycle stage in detail.?

April 2, 2024 | Basic | 2pm ET | Register Now

Third-Party Risk Management Bootcamp

In this three-day virtual bootcamp, industry experts will cover an in-depth look at the third-party risk management lifecycle, vendor risk management best practices, fourth-and nth-party vendors, vendor financial health, AI, and much more. Grab your camping chair and save your seat today.

April 16-18, 2024 | Basic | 1-3pm ET | Register Now

Protecting Your Credit Union With Vendor Risk Assessments

Vendor risk assessments are important for credit unions, as they offer detailed information about how vendors handle risk. In this session, we'll discuss what you need to know and do to ensure your assessments are effective, timely, and meet regulatory requirements.

April 30, 2024 | Basic | 2pm ET | Register Now

Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.