Case Study

Annual Onsite Assessments
A Financial Institution was looking to update their annual onsite assessment process for their High-Risk/Critical vendors. The organization needed to update their process to ensure compliance with their regulator, and had to perform onsite assessments for over eighty critical vendors.

Utilizing our experience and expertise with onsite third-party assessments, we identified key areas of focus for each vendor’s onsite visit. We performed a review and analysis of the vendor’s provided documentation prior to going onsite in order to clearly understand the vendor’s controls and processes. We also performed a comprehensive review of their policies throughout the organization in areas such as Human Resources, Information Security, Business Continuity/Disaster Recovery, Compliance and other functional areas. In parallel, we were in constant communication with the applicable subject matter experts (SMEs) at the vendor’s firm, the SMEs from our client’s firm and the experts on our team. These deep dives into the third parties’ controls gave additional clarity into the vendor’s adherence to their policies and procedures.

Once onsite, we focused on testing all applicable controls that were identified to ensure that each vendor was in compliance with their policies. We also performed security and information technology checks as applicable.

The onsite assessment process was successfully updated to be compliant with the latest regulatory guidance, and all critical vendors received an onsite review and assessment. This process is still in place, and is a foundational piece of this institution’s ongoing vendor management practice.