Vendor Management

Vendor Management Consulting Services

BTG provides three customizable levels of service, giving your organization the flexibility to select the level of assistance and support required to efficiently maintain your Vendor Management Program:

  • VM Program and Policy Development
  • Maintenance and Ongoing Support to ensure VM processes are followed and consistent
  • VM Outsourcing, in which BTG monitors and performs vendor assessments and due diligence, alleviating the challenge of maintaining them internally

Available professional and consulting services include, but are not limited to:

Vendor Management Program Development & Audit

BTG will provide any or all of the services itemized below. Your Financial Institution determines the level of assistance you require for each. We offer three levels of service:

  • Consulting: One-time or periodic assistance upon request, billed at actual time and effort
  • Maintenance: Incorporated into an Ongoing Support Contract, working with your staff throughout the year to ensure compliance. Discounted pricing offered
  • Outsourcing: BTG can perform the services below with minimal interaction with your staff and alleviate the burden or supplement your resources and expertise. Discounted pricing offered

We understand each financial institution has different resource needs at any given time. We want to be the trusted and experienced external expertise that your financial institution can turn to.

All of our consultants are trained in regulatory compliance and come with years of experience in the financial industry.

BTG Vendor Management Services:

  • Vendor Oversight Program and Policy Development
  • Vendor risk rating
  • Vendor Risk assessments
  • Technology or Product Risk Assessments
  • GLBA Risk Assessments
  • Annual Disbursement of Vendor due diligence request letters
  • Review and interpretation of vendor SSAE18 or like Security Policies
  • Input and completion of SSAE18 Exceptions and User Control Considerations
  • Review of Vendor’s Privacy statement
  • Review of Contract components
  • Review of Insurance certificates
  • Review of Financial statements
  • Review of Business Continuity and Disaster Recovery plans
  • Review of Incident Response plans
  • Ongoing employee training of Vendor Due Diligence process
  • Ongoing reporting to executive management to ensure due diligence processes are monitored by key management

Vendor Due Diligence Outsource and Support

BTG will perform risk assessments of new vendors and products to define the pertinent due diligence documents with assistance from the financial institution and provide ongoing support for vendor due diligence practices.

Annual/New Vendor reviews include:

  • Disbursement of letters to appropriate vendors
  • Review of Vendor SSAE18 or like Security Policies
  • Review of Vendor for applicable documentation including privacy statement, contract components, insurance certificates, financial statements
  • Review of Security, Disaster Recovery, and Incident response plans
  • Review of existing related Due Diligence Policies and updates
  • Ongoing employee training of vendor due diligence process
  • Ongoing reporting to executive management to ensure due diligence processes are monitored by key management

Ongoing support for additional products/services includes the following:

  • Social Media Risk Assessment covering Facebook, LinkedIn, Twitter & YouTube
  • Remote Deposit Capture Risk Assessment
  • Mobile Banking Risk Assessment
  • Additional Risk Assessments upon request
  • Vendor Management Support Services

Vendor Oversight and Support

BTG will ensure the financial institution meets Gramm-Leach-Bliley regulatory requirements and follows best security practices. BTG will interview key employees to identify existing controls and gather critical information. Areas included are:

  • Strategic systems
  • Physical security
  • Physical access
  • Data risk rating and integrity
  • Member confidentiality practices
  • Firewall and related services, hardware and software
  • Software usage, retention and related practices
  • Desktops and other physical devices
  • Network and communication protocol