Risk Advisories

Overview of Risk Advisories

Risk Advisories provide actionable insights into relevant news, public disclosures, or events that could affect a company’s risk profile. They are designed to keep you informed about developments impacting the confidentiality, integrity, and availability of information, as well as compliance, operational, financial, and other key risk factors associated with your onboarded vendors and their subservicers.

Each Risk Advisory includes the following details:

• Title
• Organization it pertains to
• Type and Materiality rating, reflecting the nature and significance of the advisory, described in more detail below.
• Network Exposure, indicating the number of vendors and nth parties impacted
• Link to Source Documentation and its Publication Date
• Optional Statement issued by VISO TRUST providing additional context

Types of Risk Advisories

Risk Advisories are organized into categories to help you quickly understand the nature of the event:

• Security : Events related to the confidentiality, integrity, and/or availability of information being compromised
• Compliance :Incidents involving a failure to meet regulatory compliance requirements, often resulting in fines or legal action.
• Vulnerability: A disclosure of a weakness or flaw in a system that could be exploited to compromise security.
• SEC 8K: A disclosure by a public company of a material security incident through an 8-K filing. These incidents are typically significant enough to impact shareholders’ decisions.
• Legal: Incidents related to legal disputes, lawsuits, or regulatory actions affecting a company’s risk profile.
• Geopolitical: Events driven by geopolitical factors, such as sanctions, international conflicts, or political instability, that could impact a company’s operations or supply chain.
• Financial: Disclosures of financial risks, such as earnings losses, bankruptcy filings, or other material financial issues.
• Operational: Events affecting a company’s operational capacity, such as natural disasters, system outages, or workforce disruptions.

Materiality of Risk Advisories

Materiality is determined through an automated system with human oversight, where each Risk Advisory is qualitatively analyzed and categorized based on the following criteria: an incident is considered material if a reasonable shareholder would likely consider it important when making an investment decision, including its impact on the company’s reputation, customer relationships, competitiveness, and potential litigation or regulatory actions.

Material advisory: An event that a reasonable shareholder would consider important for investment decisions, taking into account the incident’s impact on reputation, customer relationships, competitiveness, and potential litigation or regulatory actions.

Non-Material advisory: An event that does not meet the criteria for materiality but may still be relevant to assess.

Notifications for Risk Advisories

By default, the following users will receive email notifications for Risk Advisories related to onboarded vendors and their known subservicers:

How to View Risk Advisories

You can access all Risk Advisories in the platform by selecting “Risk Advisories” from the main menu on the left-hand sidebar in the app. The advisories are organized into two main views for easy navigation:

• From my network: A tailored view showing only those relevant to your onboarded vendors and their subservicers
• All advisories: A comprehensive list of all Risk Advisories published on the VISO TRUST platform.

Viewing the Risk Network Exposure

To explore the broader network impact of a specific advisory, you can access the Risk Network view in the following ways:

1. From the Risk Advisory detail modal: Click the “View Network” button in the detailed view of the Risk Advisory.
2. From the Risk Advisory list view: Click the “Network Exposure” hyperlink associated with the advisory in the list view.

These options make it easy to dive deeper into the impact of each advisory and understand its relevance to your organization and vendor network.