3rd Party Risk Categorization Process

Presentation transcript:

3rd Party Risk Category Assessment Process

Process Risk Assessment: Determine if the activity performed by the 3rd Party is critical to the firm and identify the overall stability of the 3rd Party.
- Activity Type
- Service / Product Support
- Intellectual Capital
- 3rd Party Entity Type
- Financial Transactions / Credit Worthiness / Insurance
- Industry Concentration

Data / Access Management Assessment: Determine if the method of interacting with the 3rd Party increases the risk to the firm.
- Data Access Methodology
- Restricted / Confidential Information Management
- Information Security Review Findings
- Physical Security Access
- Technology / Software Risk

3rd Party Resilience Assessment: For critical activities, evaluate the completeness and effectiveness of resilience, response, and recovery programs. Determine the cost of replacing the 3rd Party after a catastrophic disruption.
- Locations: Operations – Data Centers (Domestic / Foreign)
- BC / DR / Incident Management
- Resilience Factors: RTO / RPO / SPOF
- Dependency Analysis
- Replacement Challenges (availability of alternatives / ease of transition / cost of transition)

3rd Party Risk Categories: Based on the results of the assessment, determine the level of due diligence and ongoing risk assessment required for the 3rd Party relationship. Vendor Risk Categories include: Critical / Important / Medium / Low

3rd Party Risk Category Assessment Guidance

Process Risk Assessment
- Activity Type: Define activity types and their associated risk levels.
- Service / Product Support: Determine if the 3rd Party will support an essential service/product of the firm, and the impact to the firm and its customers if the 3rd Party has a significant business disruption.
- Intellectual Capital: Determine if the 3rd Party service provider will have exposure to the firm's intellectual capital.
- 3rd Party Entity Type: Define the types of 3rd Party entity and the potential risks associated with each (Government / Self-Regulated / Public / Private).
- Financial Transactions / Credit Worthiness / Insurance: Determine the volume and value of financial transactions involving the 3rd Party. Assess the 3rd Party's creditworthiness and whether it has adequate insurance coverage.
- Industry Concentration: Determine if the 3rd Party service provider supports a significant portion of the marketplace, and how the industry would be impacted if that service provider were out of operation.

Data / Access Management Assessment
- Data Access Methodology: Define the methods for sharing information with 3rd Party service providers and how much risk is associated with each method.
- Restricted / Confidential Information Management: Determine the data privacy levels associated with the 3rd Party relationship and the level of risk associated with the data privacy requirements.
- Information Security Review Findings: Critical 3rd Party service providers must go through a comprehensive information security review. Findings from this review must be assessed to determine the level of risk to the firm. Where needed, risk mitigation plans must be developed before proceeding.
- Physical Security Access: Validate that the 3rd Party service provider has adequate physical security to protect its ability to provide services to the firm as defined within the contract.
- Technology / Software Risk: Assess the risks associated with the 3rd Party's use of technology infrastructure and software. Determine the impact of specialized or customized use of the environment.

3rd Party Resilience Assessment
- Locations: Assess the location of all operations and data centers that will support the service to determine if they are adequately geographically dispersed. Determine the risk associated with the domestic / international locations of the service provider, including exposure to natural and man-made threats.
- BC / DR / Incident Management: Assess the 3rd Party service provider's business continuity, disaster recovery and incident management programs for completeness and effectiveness.
- Resilience Factors: Determine the value of each resilience factor for services provided by a 3rd Party. Establish value parameters for each factor to determine the level of resilience required for critical services. Factors include: RTO (Recovery Time Objective), RPO (Recovery Point Objective), and SPOF (Single Point of Failure).
- Dependency Analysis: Evaluate the dependency of the 3rd Party on additional external resources. Evaluate these relationships based on the potential impact to the service provided to your firm.
- Replacement Challenges: Determine the cost in funds and effort to replace a 3rd Party service provider in the event that the 3rd Party is unavailable for a significant period of time, or has breached its legal obligations to the firm.
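As an added illustration (not part of the presentation), the scoring below turns the three assessments and the four vendor risk categories from these slides into a categorization function. The ThirdParty record, the factor weights and the category thresholds are assumptions chosen for the example; the slides name the factors but give no numbers.

```python
from dataclasses import dataclass

# Constructed scoring model: the slides name the factors and the four categories
# but give no weights or thresholds, so every number below is an assumption.
DATA_LEVEL = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
ACCESS_METHOD = {"none": 0, "file_transfer": 1, "api": 2, "network_connection": 3}

@dataclass
class ThirdParty:
    name: str
    supports_essential_service: bool  # Process Risk: Service / Product Support
    intellectual_capital_exposure: bool  # Process Risk: Intellectual Capital
    industry_concentration: bool  # Process Risk: Industry Concentration
    data_classification: str  # Restricted / Confidential Information Management
    access_method: str  # Data Access Methodology
    open_critical_findings: int  # Information Security Review Findings
    rto_hours: float  # Resilience Factor: RTO
    rpo_hours: float  # Resilience Factor: RPO
    single_point_of_failure: bool  # Resilience Factor: SPOF
    replacement_months: float  # Replacement Challenges: time to transition away

def process_risk_score(tp: ThirdParty) -> int:
    """0-3; supporting an essential service weighs double (it drives the critical split)."""
    return min(3, 2 * tp.supports_essential_service
               + tp.intellectual_capital_exposure + tp.industry_concentration)

def data_access_score(tp: ThirdParty) -> int:
    """0-3; the more sensitive of data level and access method, raised by open findings."""
    base = max(DATA_LEVEL[tp.data_classification], ACCESS_METHOD[tp.access_method])
    return min(3, base + (tp.open_critical_findings > 0))

def resilience_score(tp: ThirdParty) -> int:
    """0-3; evaluated only for critical activities, as the slide prescribes."""
    if not tp.supports_essential_service:
        return 0
    score = (tp.rto_hours > 24) + (tp.rpo_hours > 4) + tp.single_point_of_failure
    score += tp.replacement_months > 6  # costly to replace after a catastrophic disruption
    return min(3, score)

def categorize(tp: ThirdParty) -> str:
    """Map the combined 0-9 score onto the slide's four vendor risk categories."""
    total = process_risk_score(tp) + data_access_score(tp) + resilience_score(tp)
    return "Critical" if total >= 7 else "Important" if total >= 5 else "Medium" if total >= 3 else "Low"

def needs_mitigation_plan(tp: ThirdParty) -> bool:
    """Critical 3rd parties with unresolved review findings cannot proceed without a plan."""
    return categorize(tp) == "Critical" and tp.open_critical_findings > 0
```

The category then sets the due-diligence depth and review cadence for the relationship, as the slide's last bullet describes.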