Supply chain attacks, where an institution’s system and data are accessed through a third-party vendor, are becoming more prevalent in today’s interconnected world. This has highlighted the need for a robust vendor management program, as the ongoing viability of a vendor, as well as its security practices, must be monitored. Requirements for monitoring critical vendors have changed from an annual to an ongoing process. While we recognize the need for a robust vendor management program, the problem is finding the time to complete all necessary tasks. Many have found that having an automated process may increase the work, especially as the programs are being set up and training is being scheduled.
AaSys Group’s security experts, with a profound knowledge of the vendor management process, can facilitate this chore! Financial institutions that select AaSys Group to assist in the creation of their Vendor Management Program can be assured that highly skilled professionals are diligently at work to ensure institutional safeguards are established.
AaSys Group provides a structured approach in developing vendor management initiatives. Included in the program:
- Initial New Vendor analysis, including assessing the needs of the institution before entering the vendor relationship and performing a risk analysis associated with selecting the vendor.
- Existing Vendor Due Diligence by review of the vendor due diligence information, including:
  - Documentation of SSAE 18 controls
  - Review of SSAE 18 user control considerations
  - Review of financial statements
  - Review of non-disclosure agreements
  - Review of additional security documents
- Guidance and support when considering termination of a vendor.
- Annual vendor risk assessments
- GLBA Vendor Due Diligence Review
- Reporting of Vendor Management Program status to the Board
Alternatively, AaSys Group can assist with establishing a program that meets regulatory requirements and provide training to personnel as they take over vendor management tasks. All forms and tools created by AaSys Group will be made available to the financial institution, as well as directions on how to optimize their use.
By engaging experts to shoulder vendor management responsibilities, personnel will be freed to concentrate on other demands that are not as readily outsourced. The institution can also rest assured that its Vendor Management Program will achieve optimum functionality while meeting regulatory expectations.