Introduction to Risk Management, Part 1: Vendor and Third-Party Risk
Information technology plays a central role in your business, so it’s important to understand potential risks, especially as they relate to third-party relationships. In this webcast, ACA will discuss ways your firm can identify, assess, and manage the cyber and information security risks of working with third-party vendors.
In part one of this two-part webcast series, we’ll focus on the growing concern of investors and regulators (including the SEC, FINRA, CFTC, and NFA) regarding third-party relationships. Oversight is imperative as firms increase their reliance on third-party vendors and outsourced service providers to deliver business-critical processes as well as manage sensitive information. As a result, it is becoming increasingly important that firms incorporate due diligence procedures throughout the life cycles of their relationships with vendors.
As part of this discussion, our speakers will address:
- Vendor risks;
- Objectives of vendor diligence;
- Focus areas of diligence; and
- Proposed SEC rule 206(4)-4 regarding vendor BCP/DR review requirements.