Last week on November 10th, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook. Information Technology governance and risk management were the key elements of the update. Cybersecurity as an element of Information Security was introduced as an expansion upon the definitions of Cybersecurity for third-party vendors published in February, as a part of the Appendix J addition to the IT Examination Handbook. 

Given the expanded focus upon IT Risk Management, and the added requirement of Cybersecurity awareness, VendorInsight® has responded with changes to our standard Vendor Risk Assessment (VRA) and Information Security Questionnaire (ISQ) templates. These changes include validation or denial of cloud-computing within a vendor’s delivery of products or services and validation as to a detailed understanding of the vendor’s Cybersecurity posture.

The revised VRA template will be available for client review in the "About" section of the "Tools" menu on the Client Access Portal on November 20th. The revised sample ISQ template will also be available to clients who have enabled the Vendor Relationship Profile and Policy Compliance (VRP/PCM) modules. Please contact your Program Administrator if you require assistance with updating your VRA master template or if you would like to receive the updated ISQ template.

Do you know who built your vendor management software? It's a funny question and its one that everyone should be asking. We know who built ours.

At VendorInsight® we used to take for granted that our competitors understood vendor management and were true process experts. We often gave them the benefit of the doubt just because they were a competitor and sold a vendor management solution. After a few experiences with new customers who were previously running other vendor management software solutions, we began to realize our assumptions were not true. They weren't getting the help they needed from these companies to continually evolve their vendor management programs and overcome the challenges that every company runs into as their vendor management program grows or as the requirements it must meet expand.

Our history is worth recounting for those who may incorrectly assume the same about us. VendorInsight's web based vendor management software solution was developed and introduced by CMPG, a leading consultancy in banking and financial services, in 2008. Since 1998, CMPG had consulted with Fortune 500 companies, three of the top eight US banks and numerous other financial institutions and companies, helping them build sustainable sourcing and vendor management practices, programs and processes, and training teams of new vendor managers. VendorInsight® emerged as a vendor management software solution built on proven principles of best practices in sourcing, vendor management, contract management and risk management. The initial features in VendorInsight® v1.0 leapfrogged the industry and quickly established VendorInsight® as a premier solution in the industry. This was because our vendor management consultants with decades of real-life leadership and implementation experience were involved in the design process and collaborated with our development team.

Aside from a couple of situations in which our customer was acquired by another company, we have never lost a single VendorInsight® customer - a fact we are very proud of. Our customer retention and high customer satisfaction ratings are metrics by which we measure our expertise, not just our effort, because they are driven by our ability as experts in vendor management to teach, help, coach, and keep our customers oriented toward the success factors for strong vendor management programs and away from the pitfalls and failures of other process designs.