Advance Notice Of Proposed Enhanced Cyber Risk Management Standards

Posted by Admin on Nov 23, 2016 1:29:00 AM

On Tuesday, November 22, 2016, the OCC, Federal Reserve and the FDIC issued a press release inviting comments on an advance notice of proposed rulemaking (ANPR) regarding enhanced cyber risk management standards for large banks under their supervision.

These regulatory agencies hope to increase operational resilience and lower the probability of failure in the banks they supervise.


Here’s what you need to know:

• The ANPR was published in the Federal Register on October 26, 2016, and comments are due by January 17, 2017.
• The ANPR applies to:
    o any national bank, federal savings association (and any subsidiaries thereof), or federal branch of a foreign bank that is a subsidiary of a bank holding company or savings and loan holding company with total consolidated assets of $50 billion or more;
    o any national bank, federal savings association, or federal branch of a foreign bank that has total consolidated assets of $50 billion or more and does not have a parent holding company; and
    o any third-party service provider with respect to services provided to any covered national bank or federal savings association (or any subsidiaries thereof).
• The ANPR is not applicable to community banks.
• Banks regulated by the above-mentioned agencies are required to ensure that the services they receive from third parties are conducted with the same standards that would apply if the bank conducted the operations itself—therefore, the proposed enhanced standards would apply to all operations, even those serviced by third parties.

Topics: FDIC, Federal Reserve, Cybersecurity, vendor risk management


Posted by Admin on Nov 2, 2016 1:22:00 AM

We talk a lot about the horrors and headaches of vendor risk management, but the reality is that most financial institutions wouldn’t be able to meet their customers’ needs without their third- and fourth-party vendors. So in the spirit of Thanksgiving, we give you five sincere reasons to say “thank you” to your vendors this month:

1. Thank you for working with us to create a mutually beneficial relationship built on mutual trust.

2. Thank you for providing accurate documents and information in a timely manner—Bonus: especially when it’s without even being asked!

3. Thank you for maintaining consistent, open communication between our parties.

4. Thank you for playing fair and not attempting to get the real advantage when it comes to putting together contracts.

5. Thank you for acting as an extension of our institution in order for us to provide our customers the level of service they expect.

Vendors don’t typically receive words of appreciation, so if you’ve got some good ones in your corner, take a moment this month to let them know they’re doing a good job! ’Tis the season after all, and a little encouragement is sure to go a long way toward the quality of your relationship.


Posted by Admin on Aug 3, 2016 2:16:00 AM

VendorINSIGHT strives to constantly improve our system to give our customers the most up-to-date and advanced technology. With the new PCM Document Request feature we recently introduced, users can request documents directly from any vendor through the PCM Associations screen. Vendors will receive an email with a link allowing them to upload the requested document. This feature makes it easy for users to collect necessary documentation without the hassle of tracking and sending separate emails. VendorINSIGHT takes pride in serving our customers with a streamlined and simplified VRM process and the PCM Request module is just one of the many ways we continue to do so.


Posted by Admin on Aug 2, 2016 2:01:00 AM

VendorINSIGHT is proud to be a supporter of the CBAO and local banks in our community. This is why we are offering a free luncheon on Best Practices for 4th Party Vendor Management to local banks who attend the CBAO Annual Conference. VendorINSIGHT prepares our customers to handle the current and upcoming changes in the industry. We are proud to offer this event on 4th party vendor management, an issue that is becoming increasingly important. VendorINSIGHT takes the time to listen to our customers and strives to present them with the relevant information they need to succeed.


Posted by Admin on Jul 12, 2016 2:48:00 AM

You asked for it, we made it happen! VendorINSIGHT is very excited to announce that the new User Forum requested at our User Group Meeting is now a feature available as a part of this latest major release. Users are able to ask questions, exchange ideas, and communicate with one another through their VendorINSIGHT program.

Included in this release is Fourth Party Risk Tracking. Assign, track, and add documentation for fourth parties associated with your vendor contracts.

Users of VendorINSIGHT are asked to contact their Program Administrator to enable these and many more features. Not a VendorINSIGHT user but want to learn more about how our risk management software solution is leading the industry? Call today for more information on how VendorINSIGHT may be able to streamline your VRM process while guaranteeing compliance!


Posted by Admin on Feb 17, 2016 2:36:00 AM

If you have not seen the invitation for our annual User Group meeting on May 3rd in Nashville, Tennessee, please let your VendorINSIGHT® Program Administrator know so that we can be sure that you have all the details. Based upon feedback from clients who attended the meeting in Baltimore last year, this meeting was well received and provided an excellent forum for idea sharing among VendorINSIGHT® peer users and the VendorINSIGHT® management staff.

One area within Vendor Risk Management that continues to garner attention from the news media and the Regulators is Cybersecurity practices. From the consulting side of our business, three articles have been published in the last six months with regard to providing insight and guidance on IT Risk Management practices specifically aimed at non-technical executives, including recommended Cybersecurity training for directors and how to prepare for and respond to a data seizure. These can be found at our CMPG website.

In our upcoming meeting, we currently plan to continue on the theme of Cybersecurity education with a presentation on the background and key tenets of Cyber Insurance policies. Please let VendorINSIGHT® know if this is a topic that rings true in your role as the gatekeepers for Vendor Risk Management. We hope to see you in Nashville!


Posted by Admin on Dec 30, 2015 2:37:00 AM

VendorINSIGHT announced the latest updates to our Vendor Risk Assessment and Vendor Performance Scorecard modules earlier this month. The recent changes enhanced the customer's flexibility to update the templates in the platform as desired. We are very satisfied with the positive feedback we've received about the updated modules.

The Vendor Performance Scorecard (VPS) module's redesign will improve usability, allow for increased customization as requested by our customers and accommodate future data trending. The new VPS-2 design provides all of the functionality of the VPS-1 module and provides better flexibility for customization. The survey builder accommodates an unlimited number of questions and continues to track service levels.

We understand that not all of your vendors, suppliers and third parties demand the same attention. Each provider's risk to the institution constantly varies. With the introduction of Vendor Class, customers can configure multiple risk assessment templates that depend on each vendor's class or risk to the organization, making the risk assessment multi-level.

On a final note, VendorINSIGHT would like to thank each and every one of our valued customers. 2015 has been a year for the books. We look forward to continuing to please our customers in the years to come.

VendorInsight® Responds to Nov. 10 FFIEC Update

Posted by Admin on Nov 17, 2015 2:50:00 AM

Last week on November 10th, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook. Information Technology governance and risk management were the key elements of the update. Cybersecurity as an element of Information Security was introduced as an expansion upon the definitions of Cybersecurity for third-party vendors published in February, as a part of the Appendix J addition to the IT Examination Handbook. 

Given the expanded focus upon IT Risk Management, and the added requirement of Cybersecurity awareness, VendorInsight® has responded with changes to our standard Vendor Risk Assessment (VRA) and Information Security Questionnaire (ISQ) templates. These changes include validation or denial of cloud-computing within a vendor’s delivery of products or services and validation as to a detailed understanding of the vendor’s Cybersecurity posture.

The revised VRA template will be available for client review in the "About" section of the "Tools" menu on the Client Access Portal on November 20th. The revised sample ISQ template will also be available to clients who have enabled the Vendor Relationship Profile and Policy Compliance (VRP/PCM) modules. Please contact your Program Administrator if you require assistance with updating your VRA master template or if you would like to receive the updated ISQ template.

Topics: FFIEC, compliance management, vendor management software


Posted by Admin on Jul 29, 2015 2:46:00 AM

July 29, 2015 – VRM Pro™ is VendorINSIGHT®’s solution to your vendor management problems. VendorINSIGHT® is the industry leader with extensive consulting and outsourcing expertise in vendor management since 1998. With VRM Pro™ our team will become your vendor management department.

We classify your vendors, rate their criticality, perform due diligence and keep all your documentation up to date. All that you have to do is simply review the results of our analysis and determine whether to accept the risk of the vendor relationship or to mitigate risk through additional controls.

Contact a VendorINSIGHT® representative to learn more about how VRM Pro™ provides Return on Investment benefits and can save your organization time.


Posted by Admin on Apr 15, 2015 2:43:00 AM

April 15, 2015 – VendorINSIGHT® announced today the release of VendorINTEL™, a turnkey vendor management solution for institutions under $1 Billion in assets. VendorINTEL™, powered by VendorINSIGHT®, allows you to monitor your risks and manage vendor relationships while meeting regulatory requirements at a cost-friendly price!

The VendorINTEL™ set-up process is easy, allowing potential customers to register an account with a 30-day unconditional, money back guarantee if not 100% satisfied. You can find additional information about the newest VendorINSIGHT® vendor management solution on the VendorINTEL™ website.


Posted by Admin on Mar 24, 2015 1:52:00 AM

Coming on the heels of the business resiliency guidance of third party service providers released in February, the FFIEC issued a press release last Tuesday detailing their focus for the remainder of 2015 on Cybersecurity. This is in addition to the discussion of Cybersecurity Resiliency within the just released Appendix J to the IT Examination Handbook series. The pilot cybersecurity assessment completed in 2014 by the FFIEC with 500 institutions has led them to detail multiple efforts to help the industry self-assess and prepare for cybersecurity threats.

We see three key issues coming from this press release:

1. A cybersecurity self-assessment tool is being finalized to allow FIs to evaluate their own cybersecurity posture. We would predict that once this tool is released, this will become an important future exam element, and will likely need to be integrated into all measures of operational risk measurement, including services received from third party providers, and risk rated within solutions such as VendorINSIGHT®.

2. The press release notes that they are not yet done with guidance as it relates to third parties. Specifically the FFIEC will “expand their focus on technology service providers’ cybersecurity preparedness.” As was addressed with the updates to our software solutions in February on Business Resilience, we would expect continuing updates to our VendorINSIGHT® and BCP-Insight™ solutions to keep pace with best practices and guidance.

3. IT Governance expectations will increase. Per the press release, the FFIEC “will enhance their incident analysis, crisis management, training, and policy development” which likely means this expansion and coordination at the regulatory level will end up in the policy and procedure guidance for deployment within your organizations, and overseen by management and the board.

We applaud the FFIEC for getting this critical element of security and risk to the forefront and leading the key partnering between the public and private sector. We are not surprised, as we had provided earlier commentary in our blog entry in June of 2014. Stay tuned into Channel VendorINSIGHT and we'll keep you abreast of how our systems will continue to evolve to meet these new requirements as they are announced.


Vendor Management Expectations Impacted by FFIEC Expansion of Business Continuity Handbook

Posted by Admin on Feb 28, 2015 2:39:00 AM


The FFIEC recently expanded its guidance by adding an amendment to its Business Continuity Planning handbook. The amendment introduces the concept of "Business Resiliency" and brings a number of NEW testing and vendor review requirements that pertain to third parties and outsourced technology service providers and that must be included in vendor management programs, risk assessments and vendor profiles.

We anticipated this with the integration of our BCP system to VendorInsight® in January of this year and have already updated VendorInsight® to comply and meet 100% of this new guidance. Many of our customers are using the integrated features of our BCP-Insight™ system and reaping the benefits of this integration.

We expect more updated guidance and prescribed compliance from The Federal Reserve, OCC, FDIC and CFPB later this year and will keep you updated. Stay tuned here.


Topics: FFIEC, Business Continuity

Business Continuity Management System Integrates to VendorInsight!

Posted by Admin on Jan 13, 2015 1:31:00 AM

With release 6.8.0 we've fully integrated our BCP-INSIGHT™ and VendorINSIGHT® systems into a single Enterprise Risk Management (ERM) suite. Look for more important enterprise risk features and services to be introduced in 2015.

With total database integration and crossover matrix user credentialing, our customers can now define roles and workflow that transcend the traditional departmental boundaries to see risks, vulnerabilities and remediation statuses across vendors, departments, and business processes. This is a significant advancement for our solution and a leading capability among industry solutions.

CMPG's patent-pending BCP solution brings the user-friendliness, rapid implementation, and reliability of VendorINSIGHT® to the BCP/DR arena as our competitors continue to struggle to keep up with our rapidly advancing lead in the industry!


Posted by Admin on Jan 8, 2015 2:41:00 AM

In 2014, we grew more than 20% and we expanded our presence with large and medium sized financial institutions as well as with smaller ones and in other industries. We've been swamped and working hard these past few record-setting months! We also successfully introduced four major releases with fantastic workflow features and helpful reporting along with new content management features.

There seems to be a division emerging in the industry right now. At one end of the scale, there are super-large enterprises and Fortune 100 companies looking for large-scale enterprise platforms to manage enterprise risk and vendor/supplier risk all together. We call these the ERM solutions. At the other end of the scale - typically banks below $50B in assets and Fortune 500 to 1000ish companies - customers are looking for sophisticated and complete vendor management systems, without the complexity, cost and enterprise headaches.

This makes sense. On the surface it would seem that an all-in enterprise risk system could save some money, but the ERM players were late to the game with vendor management and are still a ways from catching up. There simply aren't the features, workflow, tools and monitoring services in their systems, and there might never be, because vendor risk management is only one small part of the overall enterprise equation. The reality is that the dedicated vendor management solutions do a much better job, and a much more productive job, of helping customers manage a complex process like vendor management that is already sophisticated, crosses multiple organizational boundaries and requires advanced tools, reporting and workflow. In other words, they're useable and more oriented toward the things vendor management and third party risk management groups need to do.

For the vast majority of the industry, an ERM solution is far too expensive, it saps IT resources and infrastructure, and the learning curve makes it extremely difficult to achieve simplified processes with the productivity needed without hiring additional personnel. So far, the market tells us we're on the right track with our advanced software that can easily be put to effective use by both small and large companies, providing scalability, and our exceptional customer service model that consistently achieves the highest ratings!

We've had several customers convert from other solutions to come over to VendorINSIGHT® and to this day we've still never lost a single customer to a competing solution except in the event of an acquisition by a large company who used a different vendor management system! That is something we're proud of: taking care of and helping our customers the way they need us to.

If you aren't already a VendorINSIGHT® customer we hope you'll become one soon so we can help you and take care of you, too!


Posted by Admin on Dec 8, 2014 2:08:00 AM

We opine so often on vendor management, contract management, process design, regulatory guidance and other topics of interest to our community that it is nice to take a break and stop and simply say: "Thank You and Happy Holidays."

This time of year, we are busy wrapping up a lot of proposals for new customers anticipating a budget for a new vendor management system and for existing customers as they head into 2015 with new and expanded budgets hoping to implement new modules and features. These are like presents! As they unwrap them and begin to see how beneficial our Service Team and our VendorINSIGHT® software can be working together, they smile and are more optimistic about the future.

From the entire VendorINSIGHT® team, we wish all of you and your families a warm and wonderful holiday season.


Posted by Admin on Sep 27, 2014 2:13:00 AM

Not all of your vendors, suppliers and third parties demand the same attention. And the differentiation extends well before you ever do a risk assessment. As we've worked with customers that range from Fortune 500 companies to mid-market companies, we've developed a groundbreaking approach to segmenting vendors and their workflow. If you are interested in learning how enterprise data integration, centralized vendor record keeping and vendor metadata can work together to give you control over your entire vendor list and payees, check out a demo of VendorINSIGHT® and see it in action.

Once again, VendorINSIGHT® is leading the industry in business process workflow and integration to ensure that the ROI on your vendor management system is high. We're excited about Release 6.7 and the control and data centralization it gives our customers. Even our smallest customers are benefitting from this important new feature.


Posted by Admin on Jun 30, 2014 2:18:00 AM

This just in. Pretty interesting stuff. In this latest article posted on Bank Info Security, commentary about a new OCC report suggests that the OCC warns of infrastructure risks in banking and notes that fraud as a result of cybersecurity risk isn't necessarily the top priority. Rather, deeper intrusions into banking networks and the payments infrastructure "demand that risk mitigation become a priority." The report goes on to say bankers should ensure that risk management of third-party relationships (aka vendor management) is commensurate with the breadth, complexity and criticality of these arrangements. Reference is also made to the 2013-29 OCC bulletin issued last fall.

What made us really sit up and notice was the following. Aviah Littan, ex-head of NSA, put it bluntly, saying that regulators are going to have to get heavy handed in order to ensure community banks understand the risks and act appropriately. These comments come as more than 500 community banks (up to $10 Billion in assets) are slated to be examined under the FFIEC's new Cybersecurity Risk Assessment program. There's a whole new wave of regulation being formulated around cybersecurity and network vulnerability, and we expect it will most definitely impact your third party and vendor risk management program with new requirements. Stay tuned into Channel VendorINSIGHT and we'll keep you abreast of how our system will continue to evolve to meet these new requirements.


Posted by Admin on May 13, 2014 2:15:00 AM

A while back, we published a couple of white papers that described the various ways in which VendorINSIGHT® generates a return on investment, or ROI, for customers. We recently updated these numbers based on the current environment and discovered VendorINSIGHT® is generating an ROI of more than 800%! There aren't many investments like that these days. It's nice to know that we can improve the financial performance of our customers by helping them deal with regulatory and risk issues in a more efficient, productive, and automated manner. With VendorINSIGHT®, a lot of our unique monitoring solutions that our competitors don't offer - like our news service and our social media and customer complaint monitoring - create even more value on top of the core vendor management system (VMS).

Who Delivered 782 Vendor Risk Alerts Last Year?

Posted by Admin on May 5, 2014 2:56:00 AM

We did. That's an amazing number and it underscores the importance of vendor monitoring. Without knowing what is going on with your vendors - their financial health, whether they are under regulatory sanctions, or if they have had a data breach - you have no idea how risky they are to do business with. Sure, you may have reviewed their information security controls or assessed their financial strength when you started doing business with them...but things change every day. Financial stability deteriorates, data breaches happen and control audits reveal weaknesses and risks. That's why vendor monitoring is important. Every day we monitor the news and market-based risk for more than 650 industry vendors and issue risk alerts to our customers through the VendorINSIGHT® system. It's just one of the many things that set VendorINSIGHT® apart.

The 5 Most Important Things to Remember When Designing Your Vendor Management Program

Posted by Admin on Apr 22, 2014 2:26:00 AM

We see a lot of companies overthink their vendor management program. Inevitably, they end up tangled in a complicated process design. By its very nature, vendor management is a simple process.

Topics: Vendor management

VendorInsider Blog

Insight into Vendor Management Best Practices, Challenges, Solutions and Trends from Industry Insiders

As one of the longest running and most advanced vendor management software solutions, the helpful people of VendorInsight® have a unique perspective on third-party risk, compliance and management.  In the VendorInsider Blog, we share our insights on timely and relevant issues facing vendor managers.  You can subscribe using the button below, or contact us with questions.
