• CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • PARTNERS LOGIN
  • CONTACT US
  • PRIVACY POLICY

Credit Union Case Study: Vendor Assessments Accelerated From 3 Weeks To 1 Day

Published by Sabrina Pagnotta on August 30, 2021
Categories
  • Blog
Tags
  • TPRM Best Practices
Credit Union Case Study TPRM

One of the biggest credit unions in Texas, with more than 350,000 members, was looking to replace a manual vendor risk assessment process with a streamlined workflow. Their goal was to comply with regulations around third party risk in the financial services industry while increasing security across their vendor supply chain.

They now enjoy a centralized workflow with customized requirements per type of vendor, and notifications around upcoming due dates for security documentation.

Read our full Credit Union – Financial Services TPRM Case Study to learn how ThirdPartyTrust accelerated their risk assessment process with improved visibility over the vendor ecosystem.

Credit Union Financial Services TPRM Case Study
Click on the image or here to download the case study overview

Below is a recap of our conversation with our customer, Manager or Information Security Compliance at this credit union.

Q: Why were you looking for a third-party risk management solution?

We started with third party risk assessments about a year and a half ago, with a manual process that was not very satisfactory. We had to set up a file storage to keep all the documents that vendors sent to us; we had to set up a separate inbox to send and receive emails with security documentation; and we also used that mailbox for the approval process. 

Vendors would send their final report to me, I’d approve it and send it to my boss, and he’d approve it. That whole approval process was time consuming and not scalable.

And of course we had no reminders of upcoming tasks or documents about to expire. I guess we could have used the inbox calendar to set up recurring assessments, but all in all it was a very manual process and we really didn’t like it. So that’s what prompted my search.

Q: Can you describe your selection process?

We looked at 6 different tools, but some were not even in the same game. Companies that score risk based on information they can gather from the internet provide valuable insights, but only when those insights are combined with all the other documents that a vendor supplies.

Having that vendor information available through ThirdPartyTrust is a real bonus. I love being able to automate our workflow and conduct the end-to-end risk assessment process, including document repository, follow up with vendors, and reminders – while also having an overview of different scores and data feeds.  

Q: How does your process look like now with ThirdPartyTrust?

The process is more or less the same but it now takes way less time. We still go through the process of trying to figure out who we need to contact at the vendor organization, but then I just need to invite them to the platform. Once they submit their documentation, I can complete the assessment in around 24 hours.

Another great benefit is that when business owners come to me saying they need to do a risk assessment, they often only have the Sales person’s name or the Customer Success Manager’s name. If their company is fully engaged in the ThirdPartyTrust platform, the people that have already joined also get notifications when I send stuff to these Sales or Customer Success representatives. I don’t have to hunt for contacts, they automatically get notified. That part has really been simplified for the participating companies and we’ve received really great feedback from vendors who enrolled in the platform.

One more thing worth mentioning is that before, we had to build our own risk assessment table. It took a lot of time to agree on how to set it up, what factors to consider and how much they should weigh. With ThirdPartyTrust, we just did the setup once, spent a couple of hours refining it to suit our business needs, and we were ready to go.

Read More: Building Requirements for a Customized Risk Assessment

Q: What operational improvements have you noticed?

There’s a lot of hours saved, definitely less back and forth via email chasing vendors to complete requirements. With fully participating companies, I only need to wait for them to upload their documents and I can turn the whole thing around in 24 hours. 

I can now rely on the system notifications. I love that my connected vendors get reminders when their insurance certificates or SOC 2 reports are about to expire, so I don’t have to chase them. If they’re really committed to doing business with us, they just keep their documents up to date.

Q: What’s your favorite functionality of ThirdPartyTrust?

The ability to customize the tool and adapt it to our use cases. For example, being able to tag a third party vendor as whether it’s cloud based, in-house or hybrid model, so I don’t have to think about what documents I need to ask of them. The tag has an associated template with specific requirements. It’s really just a matter of inviting people to respond to it.

Another thing I find very helpful is the dashboard, which provides a quick glance of different indicators and analysis of our entire vendor population. For audit and reporting purposes, this dashboard and the ability to download data as CSV is a win.

Q: What are your next steps with ThirdPartyTrust and your TPRM program?

We’re in the financial services industry so we’re very heavily regulated. Third party risk assessments are one of the biggest things they look at, so implementing a tool that allows us to be compliant was a step in the right direction. 

Read More: The TPRM Use Case for Financial Services Organizations

Now we need to start analyzing our fourth-parties, as everything is getting so intertwined and information is everywhere now.

Q: Why should other organizations choose ThirdPartyTrust?

After evaluating several tools, we chose ThirdPartyTrust because it had the best balance of functionality and price. It has definitely accelerated our ability to complete risk assessments with the added value of continuous monitoring. Being able to look at the scans from BitSight, RiskRecon, and others and see that nothing drastic has changed for a certain vendor is extra reassurance on the process of checking a vendor’s security posture.

making tprm easier

Ready to take your TPRM to the next level?

Requesting vendors to complete risk assessments should not be a killer.

Get your free strategy guide and learn how to boost efficiency, transparency, and control over your risk management process and business bottom line.

Get the Guide
Sabrina Pagnotta
Sabrina Pagnotta
Sr. Content Strategist
  • Phone
    |+1-617-245-0469
  • Address
    |
    111 Huntington Ave, Suite 2010, Boston, MA 02199
  • Sales
    |sales@bitsighttech.com
  • Contact Us
Laika_SOC2_TypeI_PurpleIris        CSA_Trusted_Cloud_Provider

©2022 ThirdPartyTrust, LLC and its Affiliates. All Rights Reserved. | 111 Huntington Ave. Suite 2010 Boston, MA 02199
  • PARTNERS LOGIN
  • CONTACT US
  • PRIVACY POLICY
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Reject AllAccept
Cookie Settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT