This course is provided by the Compliance Education Institute.
A vendor site visit can be a waste of time and money, or it can be extremely beneficial if it is planned properly and goals are set. Without advance planning and knowing what to ask and look for, you’re at the mercy of the vendor’s agenda, which does not always match yours.
Who should attend
This course is beneficial for vendor management staff, IT staff, COOs, CIOs, BCP/DR teams and compliance and risk staff.
Vendor Site Visits: Beyond the Welcome Mat begins with the planning and preparation stages so that you set an agenda for yourself in order to come away with the information you need to make intelligent business decisions about the vendor relationship.
This course then continues with observations you should be making before you even set foot in the vendor’s facility and questions that you should be asking once you arrive. We even dive into the “intangibles” that you should develop a feel for about the vendor’s staff and their interactions with one another.
The Site Visit ScoreCard examines 14 functional areas and provides more than 340 questions to choose from, depending upon the type of vendor you visit and the goals that you set in the planning stage. Each functional area is scored and rated against your own risk tolerance, and the area scores then roll up into an overall score and vendor rating. The following functional areas are assessed (as appropriate):
- Facility Access
- Corporate Structure and Strategy
- HR & Staffing
- Physical & Environmental Controls
- Technical Access Controls
- Network Security
- Patch & Change Management
- Data Management
- Security Policy
- Software Development Life Cycle
- Incident Response
- Business Resilience
- Hosted Application Controls
- 4th Party Management
Additional course resources, provided by Compliance Education Institute, include:
- Vendor Site Visit Scorecard
- Site visit planning worksheet
- Webinar workbook
Course length: 1 hour
About the presenter: Compliance Education Institute LLC
Mick Kless is the founder and CEO of RISC Associates, a regulatory compliance consultancy and compliance automation tools developer, and Compliance Education Institute, the training and education division of RISC. He is a recognized industry expert on vendor management and the creator of the Certified Regulatory Vendor Program Manager (CRVPM) course. Mick has spent more than 30 years in financial services, has focused on GLBA 501(b) issues since 2001 and has specialized in vendor management regulatory issues since 2004.
For course access questions, email firstname.lastname@example.org.