Is Your Vendor Prepared for Disruption?


Web-based ... Self-paced ... On demand

The increased regulatory focus on third-party oversight programs has created a growing demand for professionals with specialized expertise in building and managing compliant vendor management programs.


You might be prepared for a business disruption, but how prepared is your vendor? Most banks collect a vendor’s Business Continuity Plan (BCP) and DR Test Results and are satisfied if they see that the vendor has passed and has a Return-to-Operational (RTO) time that meets the bank’s requirements. But there’s much more to knowing whether your vendor is prepared for a disruption.

The February 5, 2015, FFIEC Guidance “Appendix J: Strengthening the Resilience of Outsourced Technology Services” discusses the process and procedures within your vendor management program that should strengthen Vendor Business Resilience. However, it only states that you should ensure that the vendor’s plan is effective through Due Diligence and never tells you what to look for.

This course picks up where the Guidance leaves off and gives you the tools you need to determine whether the vendor’s BCP is in fact feasible. Even if you do not receive the vendor’s BCP, the ScoreCard within the course provides a full set of questions that you can ask of the vendor to determine its feasibility.

Time Required: 2+ hours, including 25-question final exam

CPE Eligible: CRCM credits pending; 2 credits CPE (RISC Associates)

Cost: $479 per enrollment

You Will Receive: Vendor BCP Scorecard

Register Online Form


Vendor management staff, IT staff, COO, CIO, BCP/DR team, and compliance and risk staff.


  • FFIEC Guidance requirements for a Business Continuity Plan
  • Benefits of ensuring that your vendor’s BCP is sound
  • Feasibility analysis of the vendor’s BCP, including:
    • Purpose and Objective
    • Components of the Plans
    • Adequacy of Risk Mitigation Strategies
    • Geographic Diversity
    • Policies, Standards and Processes
    • Training of Personnel
    • Alternatives for Independent Components and Stakeholders
    • Maintaining the Plan
    • Auditor Involvement
  • Identification of Single Points of Failure (SPOF)
  • Test Plan Objectives
  • Outsourcing the Business Continuity Function (DR Site Outsource)
  • “What If…” Scenarios


R.I.S.C. Associates/Compliance Education Institute (CEI) – CEI is the education division of RISC Associates, a leading regulatory compliance consultancy with deep expertise in GLBA 501(b). Leveraging its more than 30 years of banking, compliance and information security expertise and field experience, RISC has put together a series of educational courses offered through its CEI division to help bankers better prepare for the compliance issues that they deal with on a daily basis.


Questions: NYBA Professional Development at (212) 297-1679 or