Breakout 4B – Vendor Risk Management & Due Diligence

This session will focus on the key elements of an effective vendor due diligence program.  Attendees will receive useful tools, checklists and questionnaires for conducting a review of third parties and vendors.

Learning Objectives:

  • Conducting the initial due diligence review including DDQs, document requests and on-site visits
  • Memorializing certain key controls in your vendor agreement (cyber security system requirements and duties to notify if there is a material breach)
  • Recognizing red flags and the on-going due diligence process (certifications, service level agreements, assessments)
  • Discussing recent enforcement actions and regulatory expectations regarding due diligence, including cybersecurity