BankInfoSecurity.com - Information Security News, Regulations, & Education

Bank Information Security Webinars

Vendor Management For Financial Institutions: Addressing Outsourcing Risks

"The webinar did a great job of discussing all the key points!"

Quick Overview

Credit Eligible
As a BankInfoSecurity.com annual member, you can use this content toward your membership credits and transcript tracking.

Vendor Management is one of 2008's regulatory hot-buttons - a key focus of upcoming examinations. Register for this webinar to learn:
Legal requirements for ensuring sound vendor security practices
The risks involved with outsourcing
How to mitigate those risks
How to ensure the vendor complies with regulatory responsibilities
How to demonstrate to regulators that you are in compliance when someone else possesses your data

Background

Vendor Management is one of the hot topics of 2008. Both the FDIC and NCUA have identified it as a key factor in upcoming examinations, turning up the heat on financial institutions to understand how critical data is secured when in the hands of third-party service providers.

This webinar presents the key points of what financial institutions should know about the risks involved with entrusting business processing, operations and data handling to third parties.

Outsourcing is becoming commonplace, particularly with many top financial, health care, tax reporting, and credit reporting companies. When you entrust vendors with your institution's confidential data, you are placing all control of security measures for your organization's data completely into their hands. That trust cannot be blind. Many recent security incidents have resulted from inadequate security practices within outsourced organizations handling another company's customer or employee data.

Many banks and other financial institutions provide products and services through arrangements with third-party vendors. When appropriately managed, these third-party arrangements can assist institutions in attaining strategic objectives. It is important to understand and manage the potential risks that can exist with these arrangements. Does your financial institution's examiner have vendor management program oversight on their list of issues to ask you about during your next examination?

Before a prospective service provider is identified, it is essential the institution's management have a clear understanding of the requirements and expectations they are seeking to meet. FFIEC's Guidance, "Risk Management of Outsourced Technology Services," shows how a comprehensive risk assessment should consider how the outsourcing arrangement will support the institution's objectives and strategic plans and how the relationship with the service provider will be managed. The next step in the process involves conducting due diligence to evaluate a service provider to determine its ability, both operationally and financially, to meet your institution's needs.

Leading this webinar will be Rebecca Herold, an information security, privacy and compliance analyst, and author. Herold will explain to attendees that when you outsource critical data processing, operations and management activities, you must take action to stay in charge of your own business data security and minimize your business risks. You must hold your vendors to strict security standards. In many instances, the standards applied to vendors will be more stringent than your institution's internal security requirements.

Following the presentation, attendees of this session will have an opportunity to hear questions asked of the presenter as well as listen to vendor management compliance concerns from financial services organizations throughout the country.

 

Presented By

Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI

Rebecca Herold is an information security, privacy and compliance analyst, author and instructor with her own company. Herold is also an adjunct professor for the Norwich University Master of Science in Information Assurance program. She has provided information security, privacy and regulatory services to organizations from a wide range of industries throughout the world. Herold has more than 15 years of information privacy, security and compliance experience. She was instrumental in building the information security and privacy program while at Principal Financial Group.


 
