How to Respond to an Audit or Exam Finding
When you get a finding, how can you respond most effectively? Here are six tips.
Thanks for visiting our
Tandem Blog
Get our blog posts straight to your inbox.
You have been successfully subscribed to our newsletter.
What Not to Write: 5 Common Policy Writing Mistakes
The purpose of this article is to put policies into a 360-degree mirror and shed some light on a few areas which may need a little care.
The Vendor Manager’s Guide to Subcontractor Risk Management
Through the vendor management process, you take steps to make sure your vendors are secure and resilient, but what about their third parties? Do your vendors hold their subcontractors to the same standard of excellence? How can you know?
12 Simulated Phishing Templates to Cover Your Calendar Year
It can be difficult to muster up the creativity for something relevant month after month. In this article, we offer a phishing template and theme for each month of the year to help inspire you for your next phishing test campaign.
A Complete History of the FFIEC CAT
The purpose of this article is to provide a comprehensive timeline of the FFIEC CAT and how its implementation has changed over the years.
Top Risk Assessment Software Features to Consider Before You Buy
This article will look at the top features to consider when evaluating an information security risk assessment software solution, including elements related to inherent and residual risk calculation, inventory and prioritization of assets, risk response, and reporting.
The OCC’s New Cybersecurity Supervision Work Program
Let’s understand the OCC's new cybersecurity supervision work program more clearly by looking at five things we think community banks should know about the new exam procedures.
What’s Next for the FFIEC CAT?
A decade since the CAT’s foundations were first put into place, the question must now be asked: What’s next? Will the CAT be updated? Will the CAT be replaced? While we can’t predict the future, here are six factors which may influence what’s next for the FFIEC CAT.
Top Policies Software Features to Consider Before You Buy
In this article, we will look at the top features to consider when evaluating a policies software solution, including features related to policy wording and structure, custom policies and categories, creating an acceptable use policy, download documents, and more.
Reportable Cyber Incidents: An Overview of the NCUA’s New Notification Rule
In this article, we take a look at the new National Credit Union Administration (NCUA) Board unanimously approved a rule titled “Cyber Incident Notification Requirements for Federally Insured Credit Unions” and determine how we got here, what the final rule says, and what credit unions need to do in response.
New Third-Party Risk Management Guidance: What Community Banks Need to Know
Three of the federal banking agencies published new guidance on Third-Party Relationships: Risk Management. Here are eight things community banks need to know about it.