Outsourced Third Party Risk Management, otherwise known as Vendor Management has been elevated to a top priority with the regulators. Therefore, ensuring your Program is not only going to be effective but also meet with their expectations needs to be a priority for financial institutions. When you outsource, you are placing your confidential customer information in someone else's hands along with the control for the security of that information, but you still retain the responsibility for ensuring the integrity, confidentiality, and security of the information making this Program a crucial part of your overall Information and Cyber Security Program.
Demonstrating the importance of this Program, the OCC and the FRB both issued updated guidance relating to third party relationships in October and December of 2013, respectively while the FDIC reissued its Technology Outsourcing Informational Tools in April of 2014. Then on February 6, 2015, the FFIEC released an update to the Business Continuity Planning Handbook adding Appendix J: Strengthening the Resilience of Outsourced Technology Services. The update includes guidance on Third Party Management, Third Party Capacity, Testing with Third-Party Technology Service Providers, and Cyber Resilience.
Susan Orr has assisted numerous institutions with developing their Outsourced Third Party Risk Management Program and will share her insights into developing an effective program in this webinar.
What You Will Learn:
- FFIEC agencies expectations for your Program
- The latest guidance:
- Appendix J of the FFIEC BCP Handbook
- Appendix D of the FFIEC Outsourced Technology Services Handbook
- FFIEC Supervision of Technology Service Providers, September 2012
- FDIC April 2014 Tools to Manage Technology Providers Informational Brochures
- OCC October 2013 Third Party Relationships
- FRB December 2013 Guidance on Managing Outsourcing Risk
- Classification and Risk Rating criteria
- Required Program elements and essentials
- Needs Assessment
- Due Diligence/Selection
- Risk Assessing
Who Should Attend?
Senior Management, Information Security Officers, Compliance Officers, Risk Managers, IT Managers, Operations Managers.
Please note: This site employs features that may cause unexpected behavior in older versions of Internet Explorer. If you experience a problem, try refreshing your screen. If this doesn't solve the problem, click on this link.
You may contact us by using the Online Chat button below.