1. How does the new system work?

The dbTPRM system can be accessed through an online portal.

2. Are there any costs associated with the new system?

No, dbTPRM is free for you to use for the purpose of Vendor Risk Management.

3. What do we do if we do not wish to submit evidence electronically (due to sensitivity)?

In such circumstances, it may be possible for us to arrange for particularly sensitive evidence to be presented via online screen sharing session.

4. Is it possible to upload password protected files?

Yes, dbTPRM will accept password protected files (passwords can be supplied via another medium).

5. How many controls will we need to evidence?

The precise number of controls requested will be determined by the risk profile of the service and whether you have any control previously reviewed and rated effective which can be leveraged. The control review process has been made proportional to allow our third parties to attest rather than aways requiring evidence to be provided.

6. Will we be able to use the same evidence for more than one control?

Yes, it will be possible to use the same evidence for multiple controls, providing that the evidence satisfies each control requirement. We work with our internal risk type controllers to ensure that where controls overlap, we avoid redundant questions and only ask for the evidence once.

7. What happens once we have provided our evidence?

The evidence will be reviewed by the appropriate assessor, and you will be able to track the progress through the system. Should any issues arise, we will work with you to address them.

8. Where can I get more information?

If you would like to speak to someone, your first point of contact is your usual Deutsche Bank representative or send queries to vendor.support@db.com.