By standardizing third-party risk and performance management processes across the enterprise, an organization can establish a framework of controls and processes to prioritize and manage risks—including unexpected global crises—quickly and be in a good position to manage a successful engagement by:
⃞ capturing prospective relationships prior to the need to engage a third party to meet a particular need;
⃞ engaging affected stakeholders, including the CCO, information security and privacy officers, risk officer, IT leaders, and business unit leaders who will interact with the third party in the regular course of the engagement as well as during any unusual situations (e.g., natural disaster, pandemic);
⃞ assessing and assigning risk to all parts of the third party's business and organization;
⃞ establishing performance metrics;
⃞ enforcing risk-based selection; and
⃞ monitoring the relationships.
A critical component of any third-party management program is risk assessment prior to entering a third-party relationship. This review of the level of risk and complexity of every third-party relationship must factor in:
⃞ the purpose of engaging the third party;
⃞ an assessment of inherent risks for using the specific third party;
⃞ how the arrangement aligns with the organization's strategic goals and risk appetite;
⃞ the complexity of the arrangement;
⃞ calculation of potential financial benefits compared to costs to manage the risks;
⃞ any potential impact on other priorities and strategic initiatives;
⃞ the nature of customer interaction between the third party and the organization's customers;
⃞ potential information security implications;
⃞ contingency plans if any changes are warranted due to changes in the financial, governance and social environment;
⃞ application of specific legal or compliance requirements (for example, anti-money laundering, cybersecurity, privacy, sanctions);
⃞ compliance with the organization's corporate policies and practices; and
⃞ adherence to the organization's employment and workforce policies.