Vendor Risk Management Programs Demystified

In this episode of GRC & Me, guest host Szuyin Leow, VP of Customer Success, sits down with one of LogicGate's rockstar customers, Stephen Crouch of Texas Mutual. Stephen and Szuyin share their insights into how they have seen the vendor risk management space evolve. They weave a path of vital GRC topics and scenarios, such as a description of Texas Mutual's current vendor risk management (or third-party risk management) process, how a critical vendor is defined, and what qualifies a vendor as critical. And so much more, such as:

• It is essential to raise awareness about risk culture so anybody involved with vendors understands its importance.
• Set clear criteria for definitions. The use of the word critical, for example, can mean different things around the company.
• Try to reassess what risk categorizations are and how vendors are labeled.
• When identifying risk management items, capture inherent risks upfront.
• Reach out to stakeholders internally to see how they can make things more user-friendly.
• Make sure that you have all your data classification levels correctly applied.
• Think about connections. Try to unite risk registers, business continuity plans, vendor risk management, or third-party risk management programs.

 

Make sure to check out the full podcast episode here: