Vendor Compliance Management: Carve-Out vs Inclusive Method

by Joseph Kirkpatrick / December 18th, 2017

Vendor Compliance Management As you’re preparing your service organization for a SOC 1 audit, you want to identify who your third parties or vendors are, what services they provide to you, and whether they’ve gone through audits themselves. Any control that governs the vendors you utilize will be reviewed in a SOC 1 engagement. Your vendors might include a data center, an application service provider, a managed IT provider, or…

Vendor Compliance Management Series: Performing an Effective Risk Assessment

by Sarah Harvey / September 26th, 2014

Vendors and Risk Assessments Are you looking to find out more about how to ensure that your organization is meeting vendor compliance management requirements? This webinar provides an overview of ways that you can ensure that your organization is performing an effective risk assessment. In this webinar, Joseph Kirkpatrick introduces and gives an overview of external guidance’s that may serve to be potentially useful for your organization to establish or…

Vendor Compliance Management Series: Where To Start?

by Sarah Harvey / May 29th, 2014

What’s Changed? There needs to be a full chain of custody as the CFPB expects you to “oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law….” For example, if you have “any person (i.e. service provider) that provides a material service to a covered person (i.e. you) in connection with the offering or provision by such covered person of a consumer…