DAY ONE
SESSION 1
The Difference Between Criticality and Risk Ratings
There's often confusion surrounding the terms “critical” and “risk level”. Many mistakenly consider them synonymous, but they're not: for example, a critical vendor is not the same as a high-risk vendor, nor is a non-critical vendor the same as a low-risk vendor. Learn the important difference between the two concepts and how they should be applied within your vendor risk assessment process.
By Hilary Jewhurst at Venminder
DAY TWO
DAY THREE
SESSION 2
2:00 - 2:50pm ET
10-MINUTE BREAK
1:50pm-2:00pm ET
How to Treat Critical Vendor Contracts Differently
Vendor contracts work both to guide you through the business relationship and to act as a safety net. The greater the business risk, the more extensive and well-written the contract will need to be; therefore, contracts for your critical vendors should be treated with greater scrutiny and should include more contract provisions. Learn these special contract considerations for your critical vendors.
By Kelly Vick at Venminder
Q&A
2:50pm – 3:00pm ET
Agenda
Steps to Implement a Risk-Based Vendor Due Diligence Strategy
Not all vendors have the same level of risk, so they should be treated differently when doing due diligence. Risk-based vendor due diligence will save you time and resources, and it’ll be more effective in managing the risk. So, in this session, learn more about this approach and steps to implement it.
By Hilary Jewhurst at Venminder
An Overview of Fourth- and Nth-Party Vendors
It’s important to identify, assess, and manage fourth- and nth-party risks, especially if critical or high risk. We’ll focus on ways your organization can enhance visibility into their extended third-party ecosystem. Learn how to mitigate fourth- and nth-party risks and methods to determine if your third-party vendors are managing their vendors appropriately.
By Kelly Vick at Venminder
DAY ONE
SESSION 3
Knowing Your Vendor’s Cybersecurity Posture to Protect Your Organization
While there are several vendor cybersecurity documents to review, it’s a crucial task as it identifies cybersecurity weaknesses and helps your organization understand your vendor’s cybersecurity posture. The risk of becoming the next victim of a cyberattack has never been greater. If your vendor experiences a data breach, that can trickle down to your organization, and your organization can then be held responsible. We’ll discuss documents you need to review and how to handle a data breach.
By Kelly Vick at Venminder
DAY TWO
DAY THREE
SESSION 4
2:00 - 2:50pm ET
10-MINUTE BREAK
1:50pm-2:00pm ET
Assessing Vendor SOC Reports: Reviewing Findings and Next Steps
Another document to collect and review from your vendor to help identify gaps in security is a SOC report – it helps verify your vendors have information security controls in place that are operating effectively, which ultimately protects your organization and customer data. As you review findings in the vendor’s SOC report, you may discover some issues. We’ll briefly discuss what a vendor SOC report is, steps involved in assessing them (including reviewing auditor opinions and findings), and what to do if that vendor has an unfavorable SOC report along with next steps.
By Lisa-Mae Hill at Venminder
Vendor Business Continuity and Disaster Recovery as Part of Your Cybersecurity Program
You must ensure that your vendors have business continuity plans in place to ensure your organization’s operations will experience minimal disruptions if there’s an outage or services are no longer available. A cyberattack can easily cause operational issues, so there are specific elements that should be in a vendor’s business continuity and disaster recovery plans. In this session, we’ll discuss what to look for and review.
By Lisa-Mae Hill at Venminder
Managing AI Risks With Third-Party Risk Management
Artificial intelligence (AI) is an emerging risk and hot topic in third-party risk management. While AI has significant benefits, it’s important to understand the real-world risks that need to be managed regarding AI, such as privacy, cybersecurity, and ethics. Even if your organization doesn’t use AI, your vendor could. We will walk you through the basic principles of AI, help you identify its unique risks, and discuss strategies to integrate the identification and mitigation of vendor AI risk into your TPRM program.
By Hilary Jewhurst at Venminder
Q&A
2:50pm – 3:00pm ET
DAY ONE
SESSION 5
Vendor Financial Health in Today’s Business Climate
You must actively monitor your vendor’s financial health to manage the financial risk each third party poses to your organization. Assessing your vendor’s financial health can determine whether a vendor has the financial viability to provide the product or service they’re contracted for, making financial health a critical part of an effective third-party risk management program. This session covers financial health in today’s business climate.
By Mike Campbell at Venminder
DAY TWO
DAY THREE
SESSION 6
2:00 - 2:50pm ET
10-MINUTE BREAK
1:50pm-2:00pm ET
Understanding Vendor Exit Strategies and TPRM Closure
Your organization must have a vendor exit strategy developed at the beginning of each vendor relationship. It’s not if the relationship ends, but when the relationship ends. Whatever the reason for termination, an exit strategy is necessary to create a smooth transition during the vendor offboarding process. Join us for this session where we’ll wrap up the bootcamp with a walkthrough of how to successfully exit a vendor relationship, vendor exit strategies, and TPRM closure.
By Hilary Jewhurst at Venminder
Regulatory Requirements and Expectations in Third-Party Risk Management
Regulatory requirements and expectations continue to evolve and change, and it’s clear that regulators have been paying more attention to third-party risk management in recent years. If your organization is in a regulated industry, it’s important to meet the requirements. Even if you’re not in a regulated industry, it’s best practice. We’ll cover evolving regulatory changes and requirements over the last year, how to apply these requirements to your program, and how to self-audit.
By Christine Kitamura at Venminder
Top Third-Party Risk Management Program Metrics and Reports
When you consider the number of vendor risks to identify, assess, and manage throughout the third-party risk management lifecycle, it becomes increasingly clear that reporting is an essential part of a third-party risk management program. With so much third-party risk information, where do you start? Learn some of the key metrics to track and reports to have on file.
By Christine Kitamura at Venminder
Q&A
2:50 - 3:00pm ET