Salus GRC provides comprehensive service provider due diligence services on behalf of investment firms. Our multi-disciplinary capabilities allow us to provide integrated cybersecurity, compliance and operational due diligence programs that manage service provider risk across your entire service provider portfolio with no gaps and no duplication of effort. Our service provider and vendor assessment services address multiple regulatory concerns including:
- Cybersecurity risk assessments for service providers with access to adviser or fund information systems or sensitive information
- Compliance and operational due diligence for outsourced service providers
- Service provider monitoring and oversight
These services are available as a unified process or as individual services depending on client requirements.
We deliver service provider assessments as a turnkey managed service that allows our clients to focus on their core responsibilities, delivering maximum insight with minimal burden. Our team is responsible for keeping your program on track by gathering information from your service providers, tracking their progress, reviewing provided documentation and summarizing risk information and recommendations into easily digestible and actionable executive summaries supported by detailed recommendations. We review these findings with our clients to discuss business impact, develop a plan of action for any required remediations and draft recommended follow-up correspondence.
Service provider information is gathered and recorded through our secure online platform and accompanied by NDAs where requested, ensuring service provider and client confidence in confidentiality. Our platform tracks previously submitted information, providing the ability to compare results over time and to prepopulate select information for service providers, leading to improved response rates.
Our experienced consultants review and analyze all vendor-provided data, including questionnaire responses, interview findings, policy documents, certifications and audit reports. Vendor-provided information may be supplemented with public source intelligence. This broad approach encompasses both technical and administrative controls and an analysis of service providers’ protocols and policies in accordance with regulator expectations.
Our proven process
- Set criteria for service providers scoped for each type of diligence (cybersecurity, compliance, operational)
- Inventory existing covered service providers
- Establish pre-onboarding review procedures for new service providers
- Conduct ongoing monitoring of existing service providers and pre-onboarding diligence of new service providers
- Track service provider progress and risk ratings
- Provide ongoing feedback and updated evaluations in the event of material changes
Custom Program Development
For clients with specialized needs, our team is available to help design, implement and manage customized service provider management policies and procedures. Common areas of custom plan development include:
- Service provider approval and onboarding processes including key stakeholders, required approvals (finance, IT, legal, etc.), and contract requirements (confidentiality, cybersecurity controls, breach notifications, privacy, insurance, etc.).
- Customized questionnaires and information requests.
- Tailored service provider classification criteria for determining criticality and due diligence requirements.
- Service provider performance measurement.
- Service provider inventory tracking including key data points such as service provider category, internal owner, criticality, data types held, etc.