Risk

So many SOCs to review, so little time and staff to go around. Here’s a crash course:

Crash course here: http://bit.ly/1Oobnan

Everyone is heavily overburdened with the demands of trying to comply with regulations. So if your IT or Info Security team doesn't have enough staff to review all SOC reports (or possibly just reviews those with exceptions), yet your internal audit department wants proof that reviews of all SOC reports are conducted, [...]

Reassessing Vendor Risk – An Ongoing Necessity

So you've done your initial INHERENT risk rating of your vendor, conducted your due diligence to determine the RESIDUAL risk, and you're comfortable doing business with the vendor, so you sign a contract. A year from now you plan to conduct the periodic review. But a number of things might have occurred from the [...]

February 9th, 2016 | 3rd Party Risk, Audit, ERM, GRC, Risk, Vendor Management

Plan Your Exit Before You Outsource!

When considering outsourcing a service, it's essential to have an Exit Strategy in place so that you can transition the service to another vendor or bring it back in-house prior to or at the end of the contract term. This should be done before you even consider searching for a vendor. A well-thought-out [...]