Background
It's been a banner year for Vendor Management.
Since the start of 2008, the banking regulatory agencies have been hammering home the importance of due diligence, relationship management and risk assessment when selecting and contracting with third-party service providers. The National Credit Union Administration was first with its announcement that vendor management would be a top examination topic for U.S. credit unions in 2008. Then came recent bulletins from the Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) which combined oversee roughly three-quarters of U.S. banks.
The common message: A financial institution can outsource a service, but it cannot cede responsibility for the potential risks to itself and its customers.
In Part I of our multi-part series on Vendor Management, we reviewed banking regulations and the various components that go into crafting an effective Vendor Management program. In this session, we tackle the question: How does one truly assess a vendor's operations for security and privacy practices?
Register for this webinar to learn the do's and don'ts of vendor security assessment first-hand from James Christiansen, the former CISO of Experian, General Motors and Visa.
Currently the CEO of Evantix LLC, a provider of eBusiness Risk and Compliance Management solutions, Christiansen has keen insight on what does and does not work in vendor management.
Since the 1990s, banking institutions small and large have rushed to jump on the band wagon of outsourcing. Just since 2001, the outsourcing market has grown from $127B to an estimated $310B in 2008, representing over 40% growth. Unfortunately, risk management practices have not evolved to meet the new demands.
Losses from the breach of sensitive data related to third-party Business relationships - especially electronic ones -- have reached epidemic proportions. These losses and the inherent risk of eBusiness relationships are the driving force behind the wave of new legislation and enforcement that present a material cost to banking institutions.
In this webinar, Christiansen will rely on case studies and his own field experience to answer these key questions:
- What are the regulatory requirements for assessing vendors?
- Assessing vendors is expensive! Which vendors should I assess?
- I outsourced my sensitive information to a vendor, so now it's their problem...right?
- OK, so if I have to manage all these vendors - how do I start?
- What are the best practices in managing vendor risk?
- What should I look for when I do an assessment?
During this webinar, Christiansen will walk through actual case studies, analyzing different business relationships with vendors and showing exactly how a plan for control assessments is carried through.