• CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • PARTNERS LOGIN
  • CONTACT US
  • PRIVACY POLICY

Biopharmaceutical Case Study: 2x Vendor Risk Assessments With The Same Resources

Published by Sabrina Pagnotta on September 6, 2021
Categories
  • Blog
Tags
  • TPRM Best Practices
Biopharma Case Study TPRM 2x vendor risk assessments

A large pharmaceutical research & development company used to assess third party vendors with a very manual and tedious process, involving multi-tab spreadsheets that were passed back and forth. When a new program came up where they had to assess 1,000+ third-parties in a year, they chose ThirdPartyTrust to accelerate and scale this process.

This case study describes how we helped meet (and exceed) those needs, helping the company perform 2x vendor risk assessments with the same resources. Below is a recap of our conversation with the Program Manager & Security Consultant for this company, which asked to have their name blinded to protect their confidentiality.

Biopharma Case Study TPRM 2x vendor risk assessments
Click on the image or here to download the case study overview
Q: Why was the company in the need for a third party risk management solution?

The process that we had was totally manual. There were spreadsheets sent to the supplier, which had to be tracked by remote and local teams, in an extremely manual and tedious way.

There was a program coming up by which we would have to do 1,000 third-party risk assessments in two years, which was way more than we were capable of. So we started looking for a solution that could help accelerate and streamline that evaluation process.

If it worked for that program, we could transition the tool to our day to day manual process for assessing new vendors. [Spoiler alert: it worked!]

Q: How many questionnaires were you managing?

Probably 300 a year at most. Our volume was estimated to increase over time because of a greater awareness of the requirement to do evaluations, so we knew that we needed to improve compliance with that requirement. And for that, we needed a scalable third-party risk assessment process.

Over time, that amount increased by nearly 50%, which is truly significant. The key being we were able to do any amount of expansion with the same team thanks to ThirdPartyTrust.

When the next large project starts, we’ll need to be initiating 60 vendors a month at minimum, so that will essentially double the numbers of evaluations we’re doing each month.

Q: What does the process look like now with ThirdPartyTrust?

When a business owner wants to engage with a new third party vendor, they have to send the request through ServiceNow (which can be integrated with ThirdPartyTrust via API). A Third Party Security Evaluation Analyst reviews the request and determines if an evaluation is truly required. If it is, they initiate the vendor risk assessment using the connection request functionality of ThirdPartyTrust, that kicks off all the invitation emails and reminders to the supplier.

The supplier needs to register into ThirdPartyTrust and respond to our requirements. Our Subject Matter Experts (SME) then review the answers and mark them as ‘Acceptable’ or ‘Not Acceptable’. For not acceptable cases, a finding is attached and the supplier can let us know when they’re gonna remediate that finding.

The best part is this discussion happens within the tool under the ‘Findings’ tab, and we don’t have to pick up the phone anymore!

Once everything is settled we send a summary report to the person who requested the evaluation to let them know how much risk that supplier would expose our company to.

Read More: What Is Inherent Risk And How To Calculate It?

Q: What other process improvements have you noticed?

The communication back & forth about the findings has much improved. We’re looking at documents in the system instead of email threads. We now have the capacity to do many more assessments than we did before, with the same resources.

All our vendors are in one place and we can monitor their progress and apply filters to focus on what we need to be working on.

The next thing we’re going to try on ThirdPartyTrust is the regulatory requirement to re-evaluate third-parties after a certain period.

Read More: Why You Need to Reassess Vendor Risk on an Ongoing Basis

Q: What feedback have you received from vendors responding to your requirements through ThirdPartyTrust?

For new suppliers we have a very high acceptance rate of 90%. They want to do business with us, so they fulfil our requirements.

We even have vendors that started using ThirdPartyTrust themselves to share their security posture. Once they realize they can upload their insurances, certifications, and questionnaires one time instead of sending them to every one of their customers, the value of ThirdPartyTrust becomes evident.

Learn More: Beacon by ThirdPartyTrust for Vendors: Scaling the Response to Risk Assessments with a Centralized Security Profile

Q: Why should other organizations choose ThirdPartyTrust to manage third party risk assessments?

I think the best part is the innovation of the tool. ThirdPartyTrust is keeping their finger on the pulse of what’s needed by its customers, which is outstanding.

I have a 40-something-year career in IT and I’m in meeting after meeting with suppliers that will just say: “That’s not how the system works”. Whereas the support we get from ThirdPartyTrust for developing our program is just amazing.

The partnership that we have with ThirdPartyTrust is unlike any other that I’ve had as far as understanding and responding to our needs and improving the product. Every vendor will say they’ll be a great partner. But I’m here to tell you this partnership with ThirdPartyTrust has just been above and beyond. 

We wouldn’t have succeeded on our previous programs and we wouldn’t have transitioned to using the tool if it hadn’t been for the over and above efforts of the ThirdPartyTrust partnership.

making tprm easier

Ready to take your TPRM to the next level?

Requesting vendors to complete risk assessments should not be a killer.

Get your free strategy guide and learn how to boost efficiency, transparency, and control over your risk management process and business bottom line.

Get the Guide
Sabrina Pagnotta
Sabrina Pagnotta
Sr. Content Strategist
  • Phone
    |+1-617-245-0469
  • Address
    |
    111 Huntington Ave, Suite 2010, Boston, MA 02199
  • Sales
    |sales@bitsighttech.com
  • Contact Us
Laika_SOC2_TypeI_PurpleIris        CSA_Trusted_Cloud_Provider

©2022 ThirdPartyTrust, LLC and its Affiliates. All Rights Reserved. | 111 Huntington Ave. Suite 2010 Boston, MA 02199
  • PARTNERS LOGIN
  • CONTACT US
  • PRIVACY POLICY
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Reject AllAccept
Cookie Settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT