Your business depends on outsourcing to vendors.
Do you fully understand the risk they pose to you?
Your institution’s reputation with customers and in the communities you serve depends on understanding, addressing, and mitigating risk. It only takes one breach of one of your vendors to cause significant damage to your institution’s reputation.
If your vendor is breached, how much damage would be done to your reputation in your community? And how much impact would that have on whether your institution continues as part of the business community in your organization’s footprint?
You may have delegated third-party risk management (TPRM) responsibilities and the completion of ongoing monitoring activities to internal staff. However:
- Is it being completed? Every year? For all the vendors who pose risk to your bank?
- Do you have personnel assigned who have the expertise to know what due diligence documentation to gather and, when received, to understand and interpret the information? Do those personnel know how to evaluate the risk based on their understanding and interpretation?
- Do your personnel communicate the risk profile to your Board, as required by regulation? Do they communicate the risk profile in a manner appropriate for the Board to make decisions?
Fortrex provides yearly, in-depth analysis of the appropriate third-party due diligence documentation for all of your vendors.
- Fortrex analysts have financial services and IT security experience.
- They know how to understand and interpret the information that your vendors supply. Our analysts provide thorough and comprehensive analysis of 30 FFIEC, ISO, NIST, and PCI-DSS controls. And they know how to evaluate your risk.
- We provide analysis and supporting vendor due diligence documents in a format that is useful for reporting to your Board. In addition, our analysis includes an Executive Summary, all the details and, most importantly, mitigation recommendations.
- Your personnel will know exactly what to address with each vendor. Is everything good with this vendor? Are there some issues that need to be mitigated? Do you need to find another vendor to remove the significant risk to your reputation and continue business? All of this is clear. Now you are confident that your TPRM program is being effectively executed.
It only takes one breach of one of your vendors to cause significant damage to your institution’s reputation. Fortrex helps make sure that does not happen to you.