
The Network Approach: Making Vendor Risk Management Easier and More Efficient

Published by Sabrina Pagnotta on June 9, 2021
Categories
  • Blog
Tags
  • TPRM Best Practices
  • Vendor Best Practices

Vendor Risk Management (VRM), sometimes known as Third Party Risk Management or TPRM, is becoming more and more important in our new normal of security assessment, with increasingly interconnected businesses around the globe and extended supply chains. But with outsourcing comes the challenge of increased risk potential and the lack of scalable methods to assess and mitigate third party risks coming from those relationships.

For years this vulnerability assessment has entailed repetitive and redundant communication and document sharing. As a result, risk was increased and businesses’ resources were poorly spent.

Luckily, there’s a better way of doing things as companies increase their security assessments. The secret to gaining efficiency and insight into your VRM process is a unique way of automating the main complicated steps. This process is the Network Approach, and only a few companies are taking advantage of it. Read on to learn how to harness its power.

 

Why the old approach to vendor risk management was not working

VRM helps organizations ensure that their third party vendors do not create an unacceptable potential for cyber risk or business disruption. It is (or should be) a key component of a holistic approach to cybersecurity and risk management within organizations. However, the management part of it can seem intimidating for companies that lack the resources (time, budget, technology) and rely on manual processes.

 

The traditional approach to third party risk management usually consists of organizations mapping out their questions and requirements in a spreadsheet that is sent to every new third party vendor, in order to assess their security posture. These requirements vary according to the type of relationship and the level of access to sensitive information that the vendor will have.

There are several problems with this approach:

 

  1. It’s hard to customize requirements in an organized manner, as that would mean different spreadsheets and/or multiple tabs
  2. Third party vendors need to answer the same questions and share the same documents every time a customer wants to assess them, and are constantly chased via email
  3. The email and spreadsheet method does not scale to take on new reviews as more vendors enter the supply chain, which usually leads teams to think that hiring more people is the only answer

 

Introducing the Network Approach by ThirdPartyTrust

The approach that we took with ThirdPartyTrust is that of a truly connected network, almost like LinkedIn, but for enterprises and their vendors. The idea is that vendors have security profiles inside ThirdPartyTrust that they can share, and other companies may use what’s available in these profiles to satisfy their due diligence needs and understand the vendors’ security posture.

In parallel, enterprises on the requestor side get to automate and streamline this intake of information, customize their requirements (what they ask/need from each type of vendor), and get the ultimate quantified view of risk across their supply chain. Upon joining the ThirdPartyTrust network, a portion of their vendor population is most likely to be already assessed on the platform. This data is readily available and allows teams to answer most of the questions instead of starting from scratch.

This holistic view of TPRM that we call the network approach goes beyond gathering data for the sake of gathering data because:

 

  • It’s a collaborative network of enterprises and third party vendors exchanging security information in the fastest and most efficient way
  • It’s about using that data for making decisions towards risk reduction
  • It’s about using the findings to push the vendor to change for the better and improve their security posture
  • It’s a shared effort towards transparency that is proven to actually reduce risk

 

If this sounds familiar, download our free strategy guide to learn how the Network Approach can help your organization solve 3 common challenges of third party risk management.

 


 

Rethinking security risk assessments and vendor due diligence

ThirdPartyTrust was founded to fix the ‘rinse and repeat’ problem with vendor risk management – simplifying information sharing for enterprises and their third party vendors. We see more and more how companies struggle with the growing demand to onboard new vendors or respond to more security reviews with a lack of resources, while regulation adds pressure to the equation.

As a vendor, years ago, our Founder and CEO Anders Norremo was receiving multiple spreadsheets with the same types of questions every week (read his full backstory here). Meanwhile, his customers were struggling to get those filled out. There was a lot of manual and repetitive effort that made the process inefficient for both sides.

The goal of ThirdPartyTrust was not just to help the enterprise do it more efficiently, but also to add value to the process. We asked ourselves, can we speed things up for organizations while we solve the vendor use case?

As it turns out, there are more pieces to the puzzle than asking these due diligence questions upfront. Proper Vendor Risk Management – or, in a broader sense, Third Party Risk Management (TPRM) – is not a point-in-time questionnaire. When creating this single pane of glass around TPRM, we not only automated and simplified the evaluation workflow but also integrated additional tools, such as external ratings, to complement the enterprise assessment and vendor response processes.

We have the big cyber rating providers all integrated in one place, like BitSight and RiskRecon for security, Osano for privacy, Supply Wisdom for geopolitical risk, HackNotice for data breach information, ArgosRisk for financial viability, SpyCloud for credential exposure, and more.

These partnerships, combined with our end-to-end workflow automation tools and centralized dashboard, allow organizations across different industries to go deeper in their initial vendor assessments and subsequent continuous monitoring.

Conversely, for third party vendors, our platform is a one-stop shop to build and share a centralized security profile. Instead of starting from scratch on every customer security request, they can just invite their customer to this centralized profile comprising all questionnaires, certifications and attestations, such as SIG Core and Lite, CAIQ, ISO, pentests, etc. By leveraging previous work completing an assessment for one customer, vendors get some mileage for their next assessment.

Our focus is to change the way things were done in the past and go really deep in the areas that matter. That requires organizations on both ends to be much more agile with the assessment request and response process.

 

 

We are crowdsourcing this exchange of information and making things easier for organizations and third party vendors. Are you ready to join the network?
