Constellation provides a patented, secure and flexible cloud-based marketplace that enables upper to mid-tier credit unions and innovative app… More
Constellation provides a patented, secure and flexible cloud-based marketplace that enables upper to mid-tier credit unions and innovative app developers to provide safe, reliable, and next-generation digital financial service experiences while giving the freedom to compete, innovate, and thrive in the financial services industry. Constellation redefines what credit unions offer, delivering digital financial services in a way that enables them to place members at the center of their business strategy. Visit www.constellation.coop to learn more.
About Rochdale Paragon Group’s Vendor Management Framework and Risk-based Scoring
Rochdale Paragon Group (RPG) has a standardized methodology providing a holistic and risk weighted evaluation of third parties. RPG’s vendor program is built off the foundation of the leading third-party standards group, Shared Assessments® for which maintains a best practices approach called the Standard Information Gathering (SIG) questionnaire. RPG’s program builds on these standards to develop a proprietary methodology incorporating criticality and risk evaluations to customize results specifically for credit unions.
RPG’s vendor evaluation includes a standardized evaluation of major control domains and the risk and criticality evaluation for more streamlined comparison and consumption by credit unions. Control domains include such categories as data security, business operations and management, financial strength, etc. Additionally, RPG has instituted a collaborative process in working with vendors to ensure a thorough understanding and potential remediation activities. This does not influence final ratings but assists new vendors in the development of a formal due diligence package and offers improved understanding of potential or planned remediation activities. This approach allows for a rigorous but standardized method and risk ranking for both the credit union and vendors to more effectively and efficiently focus on true business critical issues that can be relied upon by all stakeholders. This does not provide a “good” or “bad” rating, but rather a risk-based view of the potential relationship contextualized by real business critical information. It is a comprehensive and reliable evaluation detailing criticality and specific business risks. It answers the question of, “What should I care about and why?” and provides for formal follow-up and ongoing monitoring for potential changes in the risk posture.
RPG’s framework and vendor risk-based scoring includes a comprehensive set of due diligence materials, but more importantly, an executive summary which provides risk and criticality scoring for each of the control domains and overall scoring along with a specific write-up of the key areas of focus and what risk they may pose. This gives the vendor opportunity to improve critical controls over time and credit unions the ability to identify quickly any potential issues for their own understanding and evaluation, effectively providing a roadmap for making solid business decisions aligned with the credit union’s risk appetite.