A lender’s board of directors and senior management are ultimately responsible for Vendor Management and the risk associated with third-party relationships.
Your third-party relationships are closely examined by your regulators. We understand the significant regulatory risks associated with outsourcing your borrowers’ sensitive information to a third-party vendor. In 2014, Miniter redesigned our entire company to embrace our lenders’ vendor management programs for managing third-party risk.
Our business redesign started with moving to a new facility with state of the art security. We hired network engineers to perform weekly vulnerability tests. We encrypt our data both at rest and in transit. Our employees are constantly training on data security.
Our vendor management initiative is formalizing the following policies:
Compliant Contract Language
- SSAE-16 monitoring our full operational capabilities
- Information Security involving weekly Vulnerability Testing and Remediation
- Encrypted data both in transit and at rest, including email
- Penetration testing including system and employee data attacks
- Annual Business Review data preparation for our lenders
- Business Continuity and Disaster Recovery Plan
- Periodic training of our employees on the following policies:
- Information Security Policy
- Incident Response Plan
Miniter’s compliance department has invested in software that will provide the documentation required by your vendor management program. This information can be pushed to you when policies and procedure are updated, or they can be delivered to you on specified dates in the future. Our clients have reported that this system has reduced their cost of vendor management compliance.
Below you can download our white paper on designing a strong vendor management program.