A clear and bold header

VendorInsight® Responds to Nov. 10 FFIEC Update

Posted by Admin on Nov 17, 2015 2:50:00 AM

VendorInsight_square logo_blk_rbg-3

Last week on November 10th, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook. Information Technology governance and risk management were the key elements of the update. Cybersecurity as an element of Information Security was introduced as an expansion upon the definitions of Cybersecurity for third-party vendors published in February, as a part of the Appendix J addition to the IT Examination Handbook. 


Given the expanded focus upon IT Risk Management, and the added requirement of Cybersecurity awareness, VendorInsight® has responded with changes to our standard Vendor Risk Assessment (VRA) and Information Security Questionnaire (ISQ) templates. These changes include validation or denial of cloud-computing within a vendor’s delivery of products or services and validation as to a detailed understanding of the vendor’s Cybersecurity posture.

The revised VRA template will be available for client review in the "About" section of the "Tools" menu on the Client Access Portal on November 20th. The revised sample ISQ template will also be available to clients who have enabled the Vendor Relationship Profile and Policy Compliance (VRP/PCM) modules. Please contact your Program Administrator if you require assistance with updating your VRA master template or if you would like to receive the updated ISQ template.

Read More

Topics: FFIEC, compliance management, vendor management software

Vendor Management Expectations Impacted by FFIEC Expansion of Business Continuity Handbook

Posted by Admin on Feb 28, 2015 2:39:00 AM

 

 The FFIEC recently expanded its guidance by adding an amendment to its Business Continuity Planning handbook. Introducing the concept of "Business Resiliency," there are a number of NEW testing and vendor review requirements that pertain to third parties and outsourced technology service providers that must be included in vendor management programs, risk assessments and vendor profiles.


We anticipated this with the integration of our BCP system to VendorInsight® in January of this year and have already updated VendorInsight® to comply and meet 100% of this new guidance. Many of our customers are using the integrated features of our BCP-Insight™ system and reaping the benefits of this integration.

We expect more updated guidance and prescribed compliance from The Federal Reserve, OCC, FDIC and CFPB later this year and will keep you updated. Stay tuned here.

https://www.ffiec.gov/press/pr020615.htm

Read More

Topics: FFIEC, Business Continuity

VendorInsider Blog

Insight into Vendor Management Best Practices, Challenges, Solutions and Trends from Industry Insiders

As one of the longest running and most advanced vendor management software solutions, the helpful people of VendorInsight® have a unique perspective on third-party risk, compliance and management.  In the VendorInsider Blog, we share our insights on timely and relevant issues facing vendor managers.  You can subscribe using the button below, or contact us with questions.

Subscribe to Our Blog

Recent Posts