Vendor Due Diligence
Today’s financial institutions rely heavily on vendor partners to perform tasks ranging from the mundane to handling critical processes and information, including nonpublic customer information. With this growing trend come increasingly stringent regulations governing the security of customer data. And, according to the FFIEC, you are responsible for establishing and approving a risk-based policy to govern the vendor process.
An effective vendor management program should provide the organizational framework for Management to identify, measure, monitor, and control the risks associated with vendor relationships.
Agenda
Risk Management Basics
Vendor Risks
Governing Threshold
Policy and Procedure
Vendor Owners
The Due Diligence Process
- Pre-contract
- Contract
- Post-contract
Streamlining the Process
Checklists
Deliverables (Templates / Boilerplates)
Board-level Vendor Management Policy
Vendor Management Procedure
Vendor Contract
Vendor Nondisclosure Agreement
Vendor Due Diligence Checklist
Access to our Workshop Portal and Appropriate Boilerplates
Who Should Attend
This workshop is directed to bank management, compliance personnel, purchasing coordinators, information security officers, vendor owners . . . anyone involved in developing vendor relationships or information security policies / procedures should attend this hands-on workshop.
What You Should Bring
You DON’T have to bring anything, as this workshop will help you build your vendor management program from the ground up. However, if you already have one, please bring a current copy of your Vendor Management Policy and your Vendor Management Procedure. This is a hands-on workshop, so bringing your policy and procedure will help you get the most out of your time!
About the Speaker
Dan Hadaway, CISA, CISM
Dan has worked extensively with banks on GLBA training and policy issues, engaging on projects ranging from IT Audits to Compliance Program Development. He has provided User Awareness Training at all levels of the bank (Board, Management, IT, and User). He can tailor his consulting to any size bank, working on simple user-level policies with banks ranging from a single location to billions in asset size. He has provided management-level regulatory compliance training for Fortune 500 companies as well as user-level awareness training for the smallest of banks. His strength is helping banks decide where in the “security/compliance spectrum” they should be.
He is the Managing Partner of infotex, an Indiana Bankers Preferred Service Provider in several areas, including Information Security Training.