Chaos and disruption have been the story thus far in 2020, and the world of third-party risk management has been no exception.
Knowing how your organization’s data is being handled and protected by your third parties has always been a challenge and the current situation has only complicated these procedures. While there is no perfect roadmap to navigate these difficulties, companies are finding ways to adapt and gain peace of mind over the protection of their data. These are a few best practices we have seen over the past year that can help improve your vendor management program.
Beyond the annual assessment or questionnaire, maintaining an open dialogue between you and your vendors is absolutely critical. Whether it be staffing issues, financial problems within the company, or even just the regular stresses of working from home, your vendors are facing the same challenges many of us are in the current setting and are often conducting business in different ways than before. Even the occasional email or 15-minute call with your vendor contact can open up communication lines and perhaps uncover challenges vendors are facing that wouldn’t show up in an annual assessment. It is important to have an open communication line in order for you and your business to anticipate and counteract any potential issues before they arise.
Emphasis on Resiliency
Before this year, having a Pandemic Procedure outlined in your Disaster Recovery Plan seemed like a formality. Unfortunately, as the world found out the hard way, truly anything can happen. It is important to be sure that your vendors, especially those critical to your business’ functions, have procedures and resources outlined in order to keep their business operational. Beyond documented procedures, performing a tabletop walkthrough has become a best practice in order to establish roles and responsibilities for key members prior to dealing with an actual event. Give emphasis to your vendors’ resiliency plans and procedures. Remember, to be proactive is to be prepared.
While there is no replacing in-person interaction, companies everywhere are finding ways to make do virtually. The relationship can be maintained, but gaining reliance on controls can be tricky, especially physical controls that require observations. The ability to leverage third-party attestations such as SOC 2 or ISO 27001 is truly invaluable when unable to affirm these controls yourself. Additional evidence can be obtained to satisfy most controls, but reports such as these can offer peace of mind when operating in a virtual world.
Peace of mind is hard to come by these days and data security is never certain. Hopefully these tools we have learned over the past few months can be used to prep your vendor management program for whatever comes next in 2020.
This article is part of a series exploring the importance of third-party risk management programs; you can view additional articles below.
About Schneider Downs Third-Party Risk Management
Schneider Downs is a registered assessment firm with the Shared Assessments Group, the clear leader in third-party risk management guidance. Our personnel are experienced in all facets of vendor risk management, and have the credentials necessary (CTPRP, CISA, CISSP, etc.) to achieve meaningful results to help your organization effectively achieve new vendor risk management heights.