Click on the images to enlarge
The team at Pinnacol Assurance was looking for a tool that would help them automate communication with vendors when they needed their SOC reports or other security documents. They were also hoping it would be an easier process to obtain these reports, as opposed to having vendor owners asking for documentation.
Download the full Pinnacol Assurance case study to discover the KPIs and how they automated the request of security documents:
We were looking for a tool that would help us in automating the communication to vendors when we needed their SOC reports and other certifications/reports – and were also hoping it would be an easier process to obtain these reports.
Our previous process was to reach out to Pinnacol’s internal vendor owners and have them do the asking. In many cases the vendor owners were too busy and didn’t make this a priority or didn’t understand what they were asking for, which created additional work for everyone involved and was not efficient.
We quickly realized that ThirdPartyTrust had additional features and functionality that our previous vendor did not. The platform improvements and the network approach helped us improve on our current approach, so it was a functionality based decision.
We had demoed some other tools in the past that didn’t match our needs. The pricing and ease of use with ThirdPartyTrust were the big decision drivers.
The tool is easy to use and support is great. Everybody at ThirdPartyTrust is great to work with and very responsive.
We were using a non-industry standard questionnaire for vendors that didn’t have SOC reports or other standard assessments/certifications. For the rest of them, obtaining SOC reports was ‘owned’ by individual vendor owners throughout the organization which required a lot of ongoing follow-up and clarification of what was being requested.
The current process is we have a contract management system for our third-parties, which assists us with our risk ratings and reminding of expirations (e.g., SOC, contracts, insurance). We complement that with ThirdPartyTrust for the assessment/certificate requests for our high risk vendors.
Currently we’re managing 65 vendors and introducing more as we request their SOC reports or certifications when they’re actually coming due. It’s a rolling process with an expected time frame of one year to onboard all our high risk vendors to ThirdPartyTrust.
Yes, I would say 80%. We are introducing vendors to the platform when we need their updated assessment/certifications so we aren’t doing all vendors at once.
Click on the images to enlarge
It’s more ongoing monitoring versus a ‘one and done’, annual review. Even outside of the scans, if we can get our vendors to upload documents into the platform when they become available, I get notified and I can stay on top of it more.
I love the scans as they give me a more immediate understanding of the vendors risk profile. We are really liking the different providers ThirdPartyTrust has partnered with to help us monitor our vendors.
To learn more about how ThirdPartyTrust can help you automate your third-party risk assessment and monitoring process, request your free trial now:
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|