Starting a Vendor Assessment Program
|
|
- Archibald Tyler
- 6 years ago
- Views:
Transcription
1 Starting a Vendor Assessment Program Kevin Brandt, CBCP Agenda Why? Wait Really Why? Overview Policies and Procedures Implementation Work Effort Assessment Tips Special Case What About? Looking Forward
2 Why? Financial institutions should establish and maintain effective vendor and third party management programs because of the increasing reliance on nonbank providers. Financial institutions must understand the complex nature of arrangements with outside parties and ensure adequate due diligence for the engagement of the relationships and ongoing monitoring. The Federal Financial Institution Examination Council (FFIEC) Information Technology Examination Handbook Why? Financial institutions should establish and maintain effective vendor and third party management programs because of the increasing reliance on nonbank providers. Financial institutions must understand the complex nature of arrangements with outside parties and ensure adequate due diligence for the engagement of the relationships and ongoing monitoring. The Federal Financial Institution Examination Council (FFIEC) Information Technology Examination Handbook
3 Wait Really Why? Evaluate vendors on an even playing field. Vendor B Get complete overall picture of organizational business continuity. Get complete overall picture of enterprise risk. Adjust your plans to account for vendor outages. Could strengthen partnerships with key / critical vendors. Competitive advantage? If so then why don t we? RESOURCE CONSTRAINTS! Vendor A Vendor C Best Vendor Overview What does a best in class BCM vendor assessment program look like? Policies Policies Procedures Procedures Some new concepts for the enterprise. Create a plan Implement! Simple right? The challenge: Minimizing implementation work effort.
4 Policies Vendor Management Policies All vendors must go through Vendor Management, Purchasing or some centralized entity. Before final contract negotiations (sooner for comparisons): Vendor Management must contact BCM with new vendors for possible assessment. Fact: Most companies, even large ones do NOT have enough BCM staff to assess all vendors. BCM Policies All vendors must be Qualified by BCM. BCM associates vendor(s) to business process(es) using the shortest process RTO. BCMworks with the business process to assign a Reliance (see next page). Qualified vendors w/appropriate RTO and Reliance are assessed with a questionnaire at a minimum. RTO, Risk and Reliance of certain levels require the business process to sign off on risk to contract with the vendor. Some vendors may be deemed Key and may require onsite assessment and/or joint exercises. Policies Vendor Management Policies All vendors must go through Vendor Management, Purchasing or some centralized entity. Before final contract negotiations (sooner for comparisons): Vendor Management must contact BCM with new vendors for possible assessment. Fact: Most companies, even large ones do NOT have enough BCM staff to assess all vendors. BCM Policies All vendors must be Qualified by BCM. BCM associates vendor(s) to business process(es) using the shortest process RTO. BCMworks with the business process to assign a Reliance (see next page). Qualified vendors w/appropriate RTO and Reliance are assessed with a questionnaire at a minimum. RTO, Risk and Reliance of certain levels require the business process to sign off on risk to contract with the vendor. Some vendors may be deemed Key and may require onsite assessment and/or joint exercises.
5 Procedures Qualify Vendor Associate business process(es) and RTO with vendor. Determine business process Reliance on vendor. Assess vendors associated with business processes with RTOs of 24 hrs or less plus have High or Medium Reliance on that vendor. Vendor Assessment BC Questionnaire sent to vendor. Returned questionnaire scored by BCM. Sample vendor question: How many certified BC professionals on staff? Accept boilerplate Executive Summaries, but push for more detail if needed. Risk Report Reliance and Risk report created by BCM. Reliance and Risk determines next step: High + High, Medium + High, or High + Medium Escalate for sign off. All Set up ongoing reviews. Provide checklist of key contractual terms for vendor negotiations. Ongoing Reviews Store results in BC software or central repository. Schedule follow up assessments (yearly) for monitoring. Action for special circumstances: Vendors can be deemed Key to warrant onsite assessment such as ones related to financial industry regulated business processes. Procedures Qualify Vendor Associate business process(es) and RTO with vendor. Determine business process Reliance on vendor. Assess vendors associated with business processes with RTOs of 24 hrs or less plus have High or Medium Reliance on that vendor. Vendor Assessment BC Questionnaire sent to vendor. Returned questionnaire scored by BCM. Sample vendor question: How many certified BC professionals on staff? Accept boilerplate Executive Summaries, but push for more detail if needed. Risk Report Reliance and Risk report created by BCM. Reliance and Risk determines next step: High + High, Medium + High, or High + Medium Escalate for sign off. All Set up ongoing reviews. Provide checklist of key contractual terms for vendor negotiations. Ongoing Reviews Store results in BC software or central repository. Schedule follow up assessments (yearly) for monitoring. Action for special circumstances: Vendors can be deemed Key to warrant onsite assessment such as ones related to financial industry regulated business processes.
6 Implementation! 4 Assess Appropriate Vendors 2 Create and Implement Best in Class Policies Update any Risk Assessment Policy to Include BC. Update any Risk Acceptance forms. Begin awareness work to roll out the changes. 3 Modify Procedures to Be Best In Class Conduct assessments of appropriate current vendors (based on Reliance and RTO). On an ongoing basis, conduct assessments for new vendors (based on Reliance and RTO). Create a brief BC questionnaire with risk scoring and contractual terms checklist. Work with Vendor Management (or whomever) to have them contact BCM with any new vendors being considered. New vendors get associated to business process and assessed if needed. 1 Determine Backlog of Vendors to Assess Associate vendors to processes. Determine Reliance and earliest RTO. Determine which vendors to assess. Work Effort One BC Planning Cycle (1 year?) Ongoing Determine Backlog of Vendors to Assess During the normal BC planning w/each business process, associate vendors to the process. Ask questions of the SME of the business process to determine Reliance. Focus on the earliest RTOs for your organization. Once the volume of vendors to assess is known, the work effort for the backlog can be determined. Modify Procedures Create a brief BC questionnaire with risk scoring. Start small and expand later. Important: make it as empirical as possible. Create contractual terms checklist. Work with Vendor Management (or whomever) to have them bring you any new vendors being considered. New vendors get associated to business process and talk to the SME to determine Reliance. Assess Vendors in Backlog Conduct assessments of appropriate current vendors (based on Reliance and RTO). Assess vendors during BC planning to minimize impact. Meanwhile Create and Implement New Policies While reviewing plans and discovering vendors: Update any Risk Assessment Policies to Include BC. Update any Risk Acceptance forms. Begin awareness / organizational change work to roll out the new policies. Assess New Vendors as they Arrive Prioritize new vendors being brought to you for review to help embed the new process in the enterprise. Continue to make awareness of the process a focus.
7 Assessment Tips Categorize The Questions Questions should be categorized to cover the practice areas of Business Continuity. Risk assessment, BC Planning, Exercises, etc. Questions are a proxy for seeing the vendors BC work in action. Example: Do you have certified BC professionals on staff or under contract? Make the Questions Empirical Questions should lead to a point system of some kind. Yes/ No questions or numeric questions are the most effective. Example: How many disaster recovery exercises do you undertake per year? 0 = zero points / 1 = one point etc. Having a final number (risk number or points) makes it easy to convey relative risk of selecting that vendor. Focus on Risks You Care About Start with questions in areas that are a priority to your enterprise. Example: How frequently is our customer data that you use backed up? Create contractual language terms so that they must tell you when they have an outage. Automate Later Start with a few or one question in each category just to get going and use Word if you have to. Web portals and other automated tools can come later. Special Case IT Vendors Usually associated with critical systems or disaster recovery So Do all software and infrastructure vendors require assessment? Software / System Vendor On premise? (No) XaaS? (Maybe) What about maintenance contracts? Maintenance contracts do NOT equal Reliance
8 What About?... PAS7000 (Supply chain pre-qualification) Supply chain focused Unified Prebuilt Business Continuity is a subset of the questions Questions tend to be non-empirical SOC 2 Controls focused Accounting based Looking Forward Partner with Legal Develop contract language AND remedies Partner with the business process of the vendor Develop Service Level Agreements (SLAs) not just for software! Create Key Performance Indicators (KPIs) canary in the mineshaft! Select re-evaluation points Partner with vendor management area to drive other assessment types Like financial the best plans in the world will not help if the vendor runs out of money.
Ensuring Organizational & Enterprise Resiliency with Third Parties
Ensuring Organizational & Enterprise Resiliency with Third Parties Geno Pandolfi Tuesday, May 17, 2016 Room 7&8 (1:30-2:15 PM) Session Review Objectives Approaches to Third Party Risk Management Core Concepts
More informationPoints of Discussion
Business Continuity Planning Considerations for Business Process Offshoring Todd Litman, CBCP DRJ Spring World March 18, 2013 1 Points of Discussion Business Process Offshoring Benefits & Risks Business
More informationVENDOR RISK MANAGEMENT FCC SERVICES
VENDOR RISK MANAGEMENT FCC SERVICES Introductions Chris Tait, CISA, CFSA, CCSK, CCSFP Principal, Financial Services Baker Tilly Russ Sommers, CPA, CISA Senior Manager, Financial Services Baker Tilly Agenda
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR), which takes effect in 2018, will bring changes
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR) that takes effect in 2018 will bring changes for
More informationVendor Management 101
Vendor Management 101 January 18, 2018 Presented by Branan Cooper Chief Risk Officer at Venminder branan.cooper@venminder.com (502) 909-0325 Session Agenda Vendor risk management why it s required today
More informationWelcome to ICMI s Operations Management Study Course
Welcome to ICMI s Operations Management Study Course Service Level/Response Time We will begin the session shortly. Today s Agenda Service level and response time Service level vs. ASA The planning and
More informationVENDOR MANAGEMENT 101
VENDOR MANAGEMENT 101 Enterprise Risk Management Vendor Management Business Continuity IT GRC Internal Audit Regulatory Compliance Manager Introduction to Vendor Management About Your Presenter Andrea
More informationCoastal Equities, Inc.
Coastal Equities, Inc. Business Continuity Plan Summary Updated On: March 1, 2017 The foregoing is a true and accurate representation of the business continuity steps taken by Coastal Equities, Inc. As
More informationUS Business Continuity Safeguarding Your Business from a Disaster
US Business Continuity Safeguarding Your Business from a Disaster Juanita Hardin BMO Harris Bank Head TPS Risk and Compliance William Simmons BMO Harris Bank Vice President Business Continuity Management
More informationThe Importance of Ongoing Due Diligence
A COMPLIANCE OFFICER S JOB IS NEVER DONE The Importance of Ongoing Due Diligence Live Webinar: August 17, 2017 Presenters Paul Johnson Product Director The Red Flag Group Varun Chandrasekaran Product Manager
More informationBrian Stoner Services Business Continuity Manager Cisco Systems 3530 Hyland Avenue Costa Mesa, CA (714)
Brian Stoner Services Business Continuity Manager Cisco Systems 3530 Hyland Avenue Costa Mesa, CA 92626 (714) 434-2273 brstoner@cisco.com Brian spent the early part of his career in manufacturing and quality
More information2. Services. The Scope of Work is amended by adding additional work. The additional work is detailed in the attached Exhibit A.
AMENDMENT TO THE PERSONAL SERVICES AGREEMENT Amendment No. 4 Agreement #105972/31700039 Project Number: IT14AA This Amendment No. 4 to Personal Services Agreement is entered into effective between the
More information7 Key Trends in Enterprise Risk Management
7 Key Trends in Enterprise Risk Management John Verver, CPA CA, CISA, CMC Kevin Legere, ACDA Presenters John Verver Consultant and Advisor to ACL Kevin Legere Director of Product Design Agenda Excellence
More informationOperational Resilience Measure and Report
Operational Resilience Measure and Report 26 Sept 2017 Lewis McKenzie Andrew Charlton Evolution of Resilience Regulation Regulatory Challenge Board accountability for critical infrastructure. Requirement
More informationUn-classified. Date Monday 22 August 2011 Clearance of internal audit recommendations
Meeting Paper title Executive Team Date Monday 22 August 2011 Clearance of internal audit recommendations Agenda item 5.0 Discussion time Purpose of paper Discussion / information [If a decision you must
More informationProven Strategies for Overcoming Business Continuity Challenges for Healthcare Organizations
Proven Strategies for Overcoming Business Continuity Challenges for Healthcare Organizations Kathy Lee Patterson, CBCP Business Continuity & Disaster Recovery Manager Children's Hospital of Philadelphia
More informationCiti Institutional Clients Group - Business Continuity Management
Citi Institutional Clients Group - Business Continuity Management Enterprise Risk Management Establishing a Risk Control-based Continuity Program, CBCP, CBCP Senior Vice President, Citi Institutional Clients
More informationA Practical and Effective Approach to Risk Assessment
A Practical and Effective Approach to Risk Assessment IT Risk Assessment Case Study Portions of this presentation are from a 2007 & 2008 FFIEC Technology Conference presentation to bank examiners. Special
More informationImproving Customer Satisfaction with better Supply Chain Management
Improving Customer Satisfaction with better Supply Chain Management 16 November 2012 Patsy Cheng 1 Today Agenda Introduction of Supply Chain (SC)& Supply Chain Management (SCM) Supply Chain Risk Introduction
More informationInnovations in Business Continuity Planning
Innovations in Business Continuity Planning An Adaptive Business Continuity Primer 15th Annual Objective and Definition You don t have to follow accepted practices There are NEW and INNOVATIVE ways to
More informationBUSINESS CONTINUITY MANAGEMENT
Loss Control BUSINESS CONTINUITY MANAGEMENT Preparing for the Unexpected Preparing your organization for a disaster can be an overwhelming task, but the risk of being unprepared can be even more devastating.
More informationIntroduction to IT Governance. IT Governance CEN 667
Introduction to IT Governance IT Governance CEN 667 1 Lectures Schedule Week Topic Week 1 Introduction to IT governance Overwiev of Information Security standards - ISO 27000 series of standards Week 2
More informationBC & RISK MANAGEMENT: CONVERGENCE IS REAL David Halford Forsythe Solutions Group Frank Perlmutter Strategic BCP
BC & RISK MANAGEMENT: CONVERGENCE IS REAL David Halford Forsythe Solutions Group Frank Perlmutter Strategic BCP WHY THE CONVERGENCE OF BUSINESS CONTINUITY & RISK MANAGEMENT? The convergence of BC and RM
More informationCITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide
CITIBANK N.A JORDAN Governance and Management of Information and Related Technologies Guide 2018 Table of Contents 1. OVERVIEW... 2 2. Governance of Enterprise IT... 3 3. Principles of Governance of Enterprise
More informationSolution Track 5. Managing Vendor Risk and Contingency Plans. March 26, Strategic BCP, Inc. All rights reserved. strategicbcp.
Managing Vendor Risk and Contingency Plans Terence Lee Solution Track 5 March 26, 2017 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Agenda: 60 Minutes Introduction What is Third Party Vendor
More informationSTEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS. April 25, 2018 In-House Counsel Conference
STEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS April 25, 2018 In-House Counsel Conference Presenters: Daniela Ivancikova, Assistant General Counsel, University of Delaware Evan
More informationFast-Track to a Digital Platform to Improve Utilities Customer Engagement
SAP Brief SAP Extensions SAP Self-Service Accelerator for Utilities by SEW Fast-Track to a Digital Platform to Improve Utilities Customer Engagement SAP Brief Meet utility customer demand for digital Customer
More informationBCP Methodology Benefits realisation
www.pwc.com.cy BCP Methodology Benefits realisation Risk Assurance Consulting (RAC) Risk Assurance Consulting (RAC) helps management to make well informed decisions. The insight and independent assurance
More informationBusiness Continuity & IT Disaster Recovery
Business Continuity & IT Disaster Recovery DONALD L. SCHMIDT, ARM, CBCP, MCP, CBCLA, CEM PREPAREDNESS, LLC MARCH 30, 2017 www.preparednessllc.com What are Business Continuity & IT Disaster Recovery? BUSINESS
More informationWork Plan March 2015
2015-2016 Work Plan March 2015 Page 2 Responsibility The Auditor General is appointed by Regional Council and is responsible for assisting the Council in holding itself and the Municipality s administrators
More informationBusiness Continuity Management for Singapore s Logistics Sector. By Singapore Business Federation and Singapore Logistics Association
Business Continuity Management for Singapore s Logistics Sector By Singapore Business Federation and Singapore Logistics Association Are You Ready? In today s highly connected business landscape, disruptions
More informationAccounts Payable Service Center. Johns Hopkins Enterprise Service Level Agreement
Accounts Payable Service Center Johns Hopkins Enterprise Service Level Agreement Agreement Published Date: 01/01/2007 Agreement Period of Performance: 10/01/2016 Service Level Agreement Contents GENERAL
More information_ PRODUCT OVERVIEW EFFECTIVE AUGUST 6, 2018 PRODUCT OVERVIEW
ServiceNow Applications PRODUCT OVERVIEW Activity Designer Activity Packs Agent Intelligence Agile Development Application Portfolio Asset Audit Basic Case Case and Knowledge (Formerly: HR Service ) Change
More informationEnabling a Comprehensive Platform for BCMP that integrates People, Process and Technology
Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology TM Overview Perpetuuiti provides an intelligent, end-to-end automated approach towards Business Continuity Planning
More informationIntelligent automation and internal audit
Intelligent automation and internal audit Adding value through governance, risk management, and controls Second article in the series kpmg.ch Contents Governing intelligent automation across the enterprise
More informationPreparing for a FINRA Cycle Examination
Preparing for a FINRA Cycle Examination This is another installment in our What to Expect webcast series on FINRA s regulatory processes. In this one, we focus on what your firm can expect during a FINRA
More informationStrategic Planning: Setting the Course for the Agency
Strategic Planning: Setting the Course for the Agency Board Training Facilitation Guide ROMA Principles & Practices for Community Action Agency Boards Created through the Partnership s Organizational Standards
More informationCompliance Solutions. Beyond your walls: Enhanced tools to track and manage vendor relationships
Compliance Solutions Beyond your walls: Enhanced tools to track and manage vendor relationships When it comes to compliance, you hold your organization and its employees to high standards. Now Compliance
More informationRFP NO A CONTRACT FOR THE PROCUREMENT AND INSTALLATION OF AN ENTERPRISE RESOURCE PLANNING SYSTEM PART V. EVALUATION CRITERIA AND PROCESS
1.0 OVERALL PROPOSER EVALUATION CRITERIA 1.1 OVERALL PROPOSER EVALUATION AND CRITERIA The evaluation committee will select a best solution based on a weighted scoring system. The following table presents
More informationCarahsoft End-User Computing Solutions Services
Carahsoft End-User Computing Solutions Services Service Description Horizon View Managed Services Gold Package Managed Services Packages Options # of Desktops to be Managed Desktop Type Duration of Services
More informationVendor Management Challenges and Expectations An Open Discussion April 13, 2017
1 Practical solutions driving tangible results Vendor Management Challenges and Expectations An Open Discussion April 13, 2017 Agenda Common Themes Discussion Expectations Overcoming Obstacles Common Comments
More informationSESSION 607 Thursday, April 14, 2:45pm - 3:45pm Track: Metrics and Measurements. The Good, Bad and Ugly of Service Desk Metrics. Session Description
SESSION 607 Thursday, April 14, 2:45pm - 3:45pm Track: Metrics and Measurements The Good, Bad and Ugly of Service Desk Metrics Gary Case Principal Consultant, Pink Elephant g.case@pinkelephant.com Session
More informationBP3: Decomposing the Crisis/ Incident Management Timeline
BP3: Decomposing the Crisis/ Incident Management Timeline Eric Staffin, MBCI, CISSP VP and Global Head, Product & Infrastructure Risk Management Investment & Advisory 646 223 6980 eric.staffin@thomsonreuters.com
More informationCGEIT ITEM DEVELOPMENT GUIDE
CGEIT ITEM DEVELOPMENT GUIDE Updated March 2017 TABLE OF CONTENTS Content Page Purpose of the CGEIT Item Development Guide 3 CGEIT Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps
More informationEnterprise RDC Risk Management
Enterprise RDC Risk Management Ken Gross, Regions Bank Mary Hockridge, Mobile Strategy Partners September 26, 2013 Be sure to tweet about the #RDCSummit and mention @RDCTweet Agenda Industry Perspective
More information1.0 PART THREE: Work Plan and IV&V Methodology
1.0 PART THREE: Work Plan and IV&V Methodology 1.1 Multi-Faceted IV&V Methodology Large, complex projects demand attentive and experienced IV&V and project management support to meet expectations. Monitoring
More informationRequest for Proposal For: 2018 American Bar Association Temporary Services
Table of Contents Bid Timetable [2] 1.0 General Bid Information [3] 2.0 Proposal Requirements [5] 3.0 Criteria for Selection [7] 4.0 Specifications and Work Statement [7] Appendix A: Bidder Response Sheet
More informationRFQ ATTACHMENT V: RESPONSE TEMPLATE
Instructions are provided in blue and may be deleted. Please complete your response in the template provided, and indicate clearly where separate documents are provided. Executive Summary 1. Applicant
More informationSupplier Risk Management. Do You Really Have the Right Level of Visibility to Minimise Risk?
Supplier Risk Management Do You Really Have the Right Level of Visibility to Minimise Risk? Contents 3 4 Introduction What Kind of Risk Are We Talking About? 5 How Do You Manage Such a Diversity of Risk?
More informationSLA Defined Metrics as a Tool to Manage Outsourced Help Desk Support Services
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2011 Proceedings - All Submissions 8-5-2011 SLA Defined Metrics as a Tool to Manage Outsourced Help Desk Support Services David
More informationPOSSE System Review. January 30, Office of the City Auditor 1200, Scotia Place, Tower Jasper Avenue Edmonton, Alberta T5J 3R8
1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor POSSE System Review January 30, 2017 The conducted this project in accordance with the International Standards
More informationBest Practices: Vendor Risk Questionnaires PROCESSUNITY WEBINAR SERIES
Best Practices: Vendor Risk Questionnaires PROCESSUNITY WEBINAR SERIES Today s Presenters Tom Garrubba Senior Director Shared Assessments Bryan Burnhart Head of Strategic Alliances ProcessUnity Ed Thomas
More informationSTRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017
STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES September 2017 Your presenters Nancy Aubrey Partner Boston, MA Nancy.aubrey@rsmus.com Rick Shriner Principal McLean, VA Rick.shriner@rsmus.com 2 Agenda
More informationL44: Taking BCP to BCM. Victoria D. Leighton Avanade, Inc.
L44: Taking BCP to BCM Victoria D. Leighton Avanade, Inc. AGENDA Part I: Critical steps from BCP to BCM Part II: Gaining buy-in from Executive Management Part III: Rolling out the process Enterprise wide
More informationKey TSA provisions your M&A team needs to know now
Key TSA provisions your M&A team needs to know now March 2018 kpmg.com 1 1 Companies are increasingly focusing on a rigorous Transition Service Agreement (TSA) as a key component in creating deal value.
More informationIT events and training at ramsac
IT events and training programme 2019 IT events and training at ramsac At ramsac we run a wide range of training courses and events to meet the needs of individuals working in business, not for profit
More informationHow to disasterproof critical. business data. 5 steps for keeping systems online and accessible in any scenario.
How to disasterproof critical business data 5 steps for keeping systems online and accessible in any scenario. The growth of DRaaS The tremendous growth of software as a service (SaaS) continues, while
More informationService Option Attachment - Acquired from an IBM Business Partner - Enhanced Technical Support for IBM i
Service Option Attachment - Acquired from an IBM Business Partner Enhanced Technical Support for IBM i This Service Option Attachment (SOA) specifies an optional service selected by you on the Schedule
More informationRequest for Qualifications to Participate in Better Beginnings, Bigger Impact A LIFT Initiative
Request for Qualifications to Participate in Better Beginnings, Bigger Impact A LIFT Initiative 1. Overview Better Beginnings, Bigger Impact is a new initiative by LIFT Philanthropy Partners, with funding
More informationBusiness Continuity Management An Auditor s Perspective July 25, 2017
NASPL 2017 Professional Development Seminar Nashville, TN Business Continuity Management An Auditor s Perspective July 25, 2017 Presented by Mark Caiazzo, Principal Agenda Business Continuity Process BCM
More information27.1 Purpose and Overview
Page: 1 of 10 SUB 27.1 Purpose and Overview 27.2 Definitions 27.3 Forms 27.4 Roles and Responsibilities 27.5 Contractor Performance Evaluation Form 27.6 Interim Evaluations 27.7 Procedure Pre-Qualification
More informationAn Overview of the AWS Cloud Adoption Framework
An Overview of the AWS Cloud Adoption Framework Version 2 February 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes
More informationRecovery Contract Negotiations. NEDRIX 2/24/04 Cliff Leavitt CBCP Sr Mgr BC / DR Staples
Recovery Contract Negotiations NEDRIX 2/24/04 Cliff Leavitt CBCP Sr Mgr BC / DR Staples 1 Presentation Objectives Importance of vendor relationship How to pick a vendor RFP considerations Evaluating RFP
More information27.1 Purpose and Overview
Page: 1 of 10 27.1 Purpose and Overview 27.2 Definitions 27.3 Forms 27.4 Roles and Responsibilities 27.5 Contractor Performance Evaluation Form 27.6 Interim Evaluations 27.7 Procedure Pre-Qualification
More informationCGEIT QAE ITEM DEVELOPMENT GUIDE
CGEIT QAE ITEM DEVELOPMENT GUIDE TABLE OF CONTENTS PURPOSE OF THE CGEIT ITEM DEVELOPMENT GUIDE 3 PURPOSE OF THE CGEIT QAE... 3 CGEIT EXAM STRUCTURE... 3 WRITING QUALITY ITEMS... 3 MULTIPLE-CHOICE ITEMS...
More informationThird Party Risk Management ( TPRM ) Transformation
Third Party Risk Management ( TPRM ) Transformation September 20, 2017 Internal use only An introduction to TPRM What is a Third Party relationship? A Third Party relationship is any business arrangement
More informationPut tools and processes in place to add objectivity to what is mostly a subjective process. p. 4
TECH LINE CONTACT CENTER PIPELINE NOVEMBER 2015 TECHNOLOGY SELECTION AT TODAY S SPEED BY Brian Hinton & Ken Barton, Strategic Contact Inc. Put tools and processes in place to add objectivity to what is
More informationEXIN ITIL Exam Questions & Answers
EXIN ITIL Exam Questions & Answers Number: ITIL Passing Score: 800 Time Limit: 120 min File Version: 37.4 http://www.gratisexam.com/ EXIN ITIL Exam Questions & Answers Exam Name: ITIL V3 Foundation Exam
More informationSpecimen induction pack for academy trustees/directors
Guidance note Specimen induction pack for Contents: Introduction Overall purpose Induction design Specimen induction pack April 2015 Introduction This ICSA guidance note is aimed at trustees/directors/governors
More informationHR/Payroll Shared Services Service Level Agreement. December 1, 2017
HR/Payroll Shared Services Service Level Agreement December 1, 2017 Table of Contents Purpose... 2 Future reviews and amendments to this Service Level Agreement... 2 Objectives of the Service... 2 Service
More informationCould (and should) you be looking proactively at data to find corruption?
Could (and should) you be looking proactively at data to find corruption? Ethical and Efficient Corruption Detection for Governmental Agencies and Corporations Introduction by: Jennifer Rodgers Roy Pollitt
More informationTEACHING CASE: USING SLA METRICS AND A COMMUNICATIONS PLAN TO MANAGE OUTSOURCED IT SERVICES
Association for Information Systems AIS Electronic Library (AISeL) 2013 Proceedings SIGED: IAIM Conference 12-2013 TEACHING CASE: USING SLA METRICS AND A COMMUNICATIONS PLAN TO MANAGE OUTSOURCED IT SERVICES
More informationBusiness Resilience: Equipping the FM for Success
Business Resilience: Equipping the FM for Success CEUs & CFM Maintenance Points You are eligible to receive Continuing Education Units and Certified Facility Manager maintenance points for attending sessions
More informationStrengthening Supplier Relationships Through Comprehensive Audit Planning. Katherine Lynn 2004 American Quality Congress
Strengthening Supplier Relationships Through Comprehensive Audit Planning Katherine Lynn 2004 American Quality Congress Interactive Session Sharing All of our Knowledge Supplier Auditing Experience All
More informationFulfilling CDM Phase II with Identity Governance and Provisioning
SOLUTION BRIEF Fulfilling CDM Phase II with Identity Governance and Provisioning SailPoint has been selected as a trusted vendor by the Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring
More informationInfrastructure Hosting Service. Service Level Expectations
November 2016 Shared Infrastructure Service TOC Service Level Expectation Documents Cloud Premier Data Center Hosting Cloud Essentials Public Cloud Brokerage Managed Database Raw Storage Cloud Premier
More informationBY TED BROWN, CBCP CBCV MBCI PRESIDENT & CEO KETCHCONSULTING BCI USA BOARD MEMBER CPM HALL OF FAME
Conducting a Business Continuity Plan Audit BY TED BROWN, CBCP CBCV MBCI PRESIDENT & CEO KETCHCONSULTING BCI USA BOARD MEMBER CPM HALL OF FAME KETCHConsulting: WHAT DO WE DO? Executive Justification of
More informationCase Study: Children s Commissioning Consortium Cymru
Children s Commissioning Consortium Cymru The promotion and support of excellence in social services in Wales has for many years been the agenda of the Welsh Government. When the Social Services Improvement
More informationWHITE PAPER HR Tech Implementation Checklist
WHITE PAPER HR Tech Implementation Checklist 2 HR Tech Implementation Checklist WHITE PAPER Executive Summary HR software plays an integral part in how a business operates every employee in your organization,
More informationService Level Agreements & IT Contracts
OFFER 32 FOR Save up to $1000 by booking early! Service Level Agreements & IT Contracts Attend The Course And Receive SLA Templates, Examples And Checklists For Tendering And Procurement Processes On This
More informationENTERPRISE OPERATIONS SERVICES
ARIS CLOUD ENTERPRISE OPERATIONS SERVICES TABLE OF CONTENTS 1 Introduction 2 Operations services 7 Security services 7 Additional services 8 users & stakeholders 9 For more information ARIS Cloud is a
More informationBest Practices in Mobile Workforce Management
Best Practices in Mobile Workforce Management Best Practices in Mobile Workforce Management By planning, executing and monitoring long-term trends and short-term, dynamic events, you can address the full
More informationAttachment B Statement of Work
Attachment B Statement of Work Statement of Work 1 Section 1 Overview... 4 1.1 Definitions... 4 1.2 Contract Objectives... 4 1.3 System Overview... 4 Section 2 Project Governance Structure and Staffing
More informationEffective vendor management. Darren Bourke Service Delivery Manager Monash University
Effective vendor management Darren Bourke Service Delivery Manager Monash University Twitter: @darrenbourkesdm What are the current challenges with Vendor Management? Communication Performance Availability
More informationREQUIREMENTS QUESTIONNAIRE & CHECKLIST
REQUIREMENTS QUESTIONNAIRE & CHECKLIST June 2016 REQUIREMENTS QUESTIONNAIRE & CHECKLIST Your Preferred Source for IT Acquisition Across the DoD 1 Table of Contents 1. Requiring Organization - 2. Requiring
More informationProtecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning MIS5206 Week 9 Case study discussion Business Continuity Planning (BCP) and Disaster Recovery (DR) Planning Test
More informationNavigating the New Health Economy
Navigating the New Health Economy How non-traditional healthcare players are using the HITRUST CSF to drive their security programs forward Speakers Dennis Quandt Risk Assurance Director, PwC Boston, MA
More informationBusiness Impact Analysis in the process of business continuity management
Business Impact Analysis in the process of business continuity management Josef Krahulec, Ing. Miroslav Jurenka, Ing. PhD University of Defence, Brno, Czech Republic Introduction The article deals with
More informationSub-section Content. 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx
Sub-section Content 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx 2 Job Purpose - To assist in the maintenance and development of
More informationDavid Nolan, CEO Fusion Risk Management, Inc.
David Nolan, CEO Fusion Risk Management, Inc. Business Continuity Risk Management ( BCRM ) What Defining BCRM Why Justifying BCRM Who Organizing BCRM Roles How Establishing a BCRM Process When Sustaining
More informationRDC Audit & Compliance: Lessons from the Battlefield
RDC Audit & Compliance: Lessons from the Battlefield Kevin Olsen, AAP, NCP Payments Space Advisors September / October 2, 2014 Be sure to tweet about the #RDCSummit and mention @RDCTweet Disclaimer This
More informationSoftware Channel Survey 2009
Software Channel Survey 2009 www.avangate.com Overview To have a clearer picture of how ISVs are coping with the economic downturn, Avangate conducted a survey (Mar-May 2009) focusing on the software channel.
More informationEffectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders. October 7, 2014
Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders October 7, 2014 Agenda Background Program Elements What Makes it Enterprise-wide Recommended Strategies
More informationSourcing Optimization Series
Sourcing Optimization Series Part I - Contractor Consolidation Deepak Deb, Virat Bhartiya The boom years following the 2000 2001 economic slowdown witnessed significant growth in the use of third-party
More informationFrameworx 11 Certification Report Business Process Framework Release 9.0
Frameworx 11 Certification Report Business Process Framework Release 9.0 cvidya MoneyMap Release 6.5 October 2011 TM Forum 2011 Table of Contents Table of Contents... 2 List of Tables... 3 List of Figures...
More informationBusiness Continuity 101. Fairchild Resiliency Systems
Business Continuity 101 Fairchild Resiliency Systems Business Continuity Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable
More informationTransparency International UK Business Integrity Forum 1 (BIF) Due diligence and related procedures 2017
Transparency International UK Business Integrity Forum 1 (BIF) Due diligence and related procedures 2017 1. Introduction Transparency International UK (TI-UK) has a long-standing commitment to working
More informationSHIFTING TO THE CLOUD: UNDERSTANDING IT INVESTMENT MANAGEMENT BEYOND YOUR DATA CENTER WALLS
1 SHIFTING TO THE CLOUD: UNDERSTANDING IT INVESTMENT MANAGEMENT BEYOND YOUR DATA CENTER WALLS KATHERINE FORE JENNIFER MCGILL CAROLINAS HEALTHCARE SYSTEM AHIA 35th Annual Conference September 11-14, 2016
More informationImaging Services For Customers
Imaging Services For Customers May /2012 Content What are Imaging Services? Customer Challenges what drives investment in document imaging? Benefits Business areas impacted by Document Imaging Why outsource?
More information