My web

Organizational Overview and Shared Processes

Business Process	Process Area	Critical Success Factor	Assessment Area
6.1 Organizational Overview	Not applicable	Not applicable	Servicer Organizational Overview
6.2 Change Management	6.2.1 Project Management	6.2.1.1 Project Management Methodology	Project Lifecycle
			Project Management Team
		6.2.1.2 Project Management Tools	Standard Project Templates
			Project Workflow Tools/Systems
	6.2.2 Process Management	6.2.2.1 Process Management Methodology	Business Process Management Methodology
			Change Control
		6.2.2.2 Process Management Tools	Process Documentation Management
			Business Process Validation
6.3 Enterprise Risk Management	6.3.1 Compliance	6.3.1.2 Regulatory Compliance	Compliance and Regulatory Change Management
			LDP/GSA/SCP Lists
	6.3.2 Internal Audit	6.3.2.1 Internal Audit Activities	Internal Audit Policies and Procedures
			Internal Audit Reporting and Communication
		6.3.2.2 Internal Controls	Internal Control Framework
	6.3.3 Operational Risk Management	6.3.3.1 Quality Assurance Control Measures	QA Annual Evaluations and Escalation Processes
			Operational Risk Management Remediation
		6.3.3.2 Operational Risk Management Framework	Operational Risk Identification and Assessment
			Operational Risk Measurement and Mitigation
			Risk Monitoring and Reporting
6.4 People Management	6.4.1 Incentives Frameworks	6.4.1.1 Organization and Structure of Program	Incentive Plans, as applicable
	6.4.2 Training Effectiveness	6.4.2.1 Scope of Training Programs	Training Delivery
			Training Resources
	6.4.3 Workforce Development	6.4.3.1 Employee Satisfaction	Measurement of Employee Satisfaction
		6.4.3.2 Executive Experience Levels	Executive Tenure and Experience
		6.4.3.3 Vacancies and Fill Times	Organizational Staffing and Changes
6.5 Technology and Business Continuity and Disaster Recovery	6.5.1 Business Continuity and Disaster Recovery	6.5.1.1 Business Continuity	Business Continuity Planning
			Business Continuity Testing and Implementation
		6.5.1.2 Disaster Recovery	Disaster Recovery Planning
			Disaster Recovery Testing and Implementation
	6.5.2 Technology	6.5.2.1 Systems	System Development and Maintenance
			Technology Third Party Vendors
		6.5.2.2 Information Security	Data Security Controls and Permissions
			Data Risk Management
6.6 Vendor Management	6.6.1 Vendor Selection	6.6.1.1 Vendor Selection Process	Vendor Due Diligence
	6.6.2 Vendor Management and Oversight	6.6.2.1 Vendor Communication	Vendor Communication Escalation
			Vendor Communication Methods
		6.6.2.2 Vendor Management and Oversight Process	Vendor Oversight Process
			Vendor Recertification Process
			Offshore Vendors