Leader in global cybersecurity strengthens business resilience through better third-party risk management
As one of the world’s largest cybersecurity technology providers with links to merchants, customers, and banks across geographies, the company has a highly complex operational ecosystem. Not only do they have to collaborate with traditional third-party agents like retailers, franchises, and banks, but they also must deal with a rapidly growing digital ecosystem of services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks data and others. Meanwhile, many third-party agents, including banks, come with their own sites and vendors (fourth parties). To keep this entire ecosystem running smoothly, the company needs to have comprehensive controls in place, as well as a holistic view of risks – be it data privacy risks, geopolitical risks, or regulatory risks. Infosec security and Data fraud is a particularly important concern that has pushed the company to find more effective ways of identifying and responding to the risks in the extended enterprise
The customer has a massive network of third parties worldwide, including suppliers, partners, and customers. Every month, multiple new third parties are added to this network to meet their growing business requirements. Yet, each third party introduces multiple risks, including bribery risks, product safety risks, and information security risks – all of which directly impact the Customer’s reputation and credibility. To keep these risks in control, they thoroughly assess each third party before and after they are onboarded into the organization. Yet, over time, these assessments became increasingly complex and cumbersome. Whenever there was a request for a new third party, it had to be routed through a few select managers in the organization. They were the only ones with access to the third-party database, and therefore, they bore the entire responsibility of tracking thousands of third parties and assessing the associated risks. Adding to the challenge, each risk assessment was performed manually. Therefore, it took up considerable time and effort, and slowed down the onboarding process. Meanwhile, if the management team wanted visibility into the status of third-party risks and onboarding, they had to send out a request, and wait for reports to be manually generated. This again took time, in addition to delayed decision-making processes.
Lack of visibility into the third- and fourth-party network
Delays in identifying and responding to risks in the extended enterprise
Delay in manual assessment of risks across thousands of third parties worldwide
Third Party Management
IT Risk (Parallel Track)
INTEGRATION (MSI- Dell Boomi -Oracle EBS )
It quickly became evident that the existing approach to third-party risk assessments and onboarding was neither practical nor viable. With more third parties came more risks that needed to be assessed as quickly and efficiently as possible. So, the Customer began looking for a new solution to automate and accelerate their risk assessments
Faster Information Gathering
The app simplifies and accelerates the collection of third-party data, including banking details. Online access to the system, coupled with data entry forms specific to each geography, makes it easy for third parties from across the world to enter and update their banking information. This data is stored in a central repository where it can be referred to by the client quickly and efficiently
Simpler Assessment and Monitoring
The app streamlines and automates multiple third party assessment processes, including the ABAC assessments, scoring, and monitoring. Not only does this help the client save time, but it also allows them to identify high risk third parties efficiently, in addition make informed decisions on whether to qualify them.
The app has the scalability to onboard and accommodates 10,000 and more suppliers every year. Eventually, it will house data on 25,000 users for the company’s US operations alone and can be scaled further to accommodate additional third parties for the company’s European and other global operations.
Optimization of processes which reduced the duration of third-party assessments from 45 days to 10-12 days.
Faster, more actionable risk insights which enhanced the company’s ability to respond to third- and fourth-party risks.
Improved integration and consolidation of third- and fourth-party networks which strengthened efficiency
Better Integration of Third-Party Details
Instead of having to deal with third-party information scattered across spreadsheets and other documents, the client now has a centralized data repository. In addition, the app integrates with the client’s third-party information management system to enrich existing details. Thus, the client has a comprehensive, real-time view of all relevant thirdparty data, whenever needed