Security through COM

To keep business processes running smoothly, we depend on third-party arrangements, which is why associated risks must be minimised. The Central Outsourcing Management (COM) process helps the departments or branches to identify, measure and manage risks related to third-party arrangements. The departments are responsible for monitoring the service providers and are supported by a COM tool.

Third-party arrangements are an integral part of DZ BANK's day-to-day work - to keep business processes running smoothly, we depend on all of you. Therefore, so-called outsourcing risks have to be identified and reduced.

This is why DZ BANK has established the Central Outsourcing Management, or COM for short, together with a clearly defined process. Outsourcing risks can take many forms: for example, service providers’ non-compliance with legal and/or contractual requirements, failing or poor-quality services, or even the loss of core competences in the company. Assessing and preventing these risks is the focus of the COM process. At DZ BANK, this is the responsibility of Third-Party Arrangement Managers, or TPAMs for short. They may work in various departments and have different roles. What they all have in common is that they commission and manage third-party arrangements. For TPAMs, this often raises the following questions:

  • Which departments need to be involved?
  • What contractual content is required?
  • How does the COM process work?
  • Does it apply only to “typical” outsourcing or to IT procurement as well?
  • Who can help with commissioning a service provider?

TPAMs are unsure when they have to initiate the process and how much effort will be involved. It’s very simple: the user navigation feature of the COM tool minimises complexity and time spent on the process. The Central Outsourcing Management supports TPAMs in several ways: via email, an intranet guide and a hotline. Training is also available. The process itself is divided into two steps:

Step one: Third-party arrangement initiation. This covers all activities which are carried out before the contract is concluded: a preliminary analysis that focusses primarily on regulatory and strategic aspects, a comprehensive risk analysis and due diligence. At this stage, depending on the service, the following departments may have to be involved: compliance, corporate security, data protection or information security. A final approval by management is needed before a contract is signed. However, the process is not finished once the contract is signed.

Step two, or “ongoing provider management”, ensures that the quality of the service is guaranteed. The TPAMs are again supported by the COM tool and, if necessary, by a central provider manager within DZ BANK. The main responsibility, however, still lies with the TPAM of the contracting department.