Take-Two Interactive Software, Inc. is a leading developer and marketer of interactive entertainment through their labels Rockstar Games, 2K, Private Division, and Social Point.
They have over a thousand third-parties, but they were only able to assess a fraction of them due to their decentralized program that had inconsistencies between labels and studios.
We interviewed Carrie Klinginsmith, Senior Manager, to learn how Take-Two overcame its third-party risk management challenges with the ThirdPartyTrust platform.
The challenge that Take-Two was facing
The team at Take-Two couldn’t clearly understand or identify the risk appetite, tolerance, environment or landscape within the organization, because they were so spread out with the use of the third-parties across studios and labels.
“Being stuck in Outlook and sending Excel files was not practical either. You can’t know if the third-party is removing questions or editing your questions, unless you lock it down; but then you’d have to worry about macros and formats, and that’s just too much to be concerned about”, said Carrie.
What led Take-Two to look for a third-party risk management tool
They needed to create a consistent and streamlined process for third-party risk assessments. Even if they were to use the same questionnaire and repeat the same steps over and over again, this process needed to be consistent across the enterprise.
They were also looking for the possibility to adjust the risk appetite tolerance level based on the studio they would assess for, its services and scope. The tool would have to successfully adapt to their specific needs, not vice versa.
The requirements needed
Take-Two had to ensure the chosen solution had a strong API, because they use multiple platforms like ServiceNow, Slack, and other tools that help them perform.
They needed a tool that they could grow with and for it to be customizable and easy to configure.
They demoed approximately ten tools to determine which would best fit their environment, and ended up choosing ThirdPartyTrust.
Key ThirdPartyTrust features
“The key thing that we love about ThirdPartyTrust is the visibility we gained with its dashboard. When you log in to the platform, you see all the third-parties that you have listed and a quick overview of their impact, trust score, risk score, labels, etc. It’s a very clear layout, where you see what’s happening and where you’re at”Carrie Klinginsmith, Senior Manager at Take-Two
She also mentioned the possibility to customize the trust score, how much weight it carries, what documents are required, and what rules they have…. “It only took 30 seconds to properly set this up”, she added.
“Overall, ThirdPartyTrust allows our team to live in one tool and allows the rest of the company to input information to us from a different tool”, she explained.
Improvements on day-to-day operation at take-two
It used to take them 21 days to perform an assessment with their manual process, but by using the ThirdParty platform it decreased to 14 days. That has been extremely beneficial and also allowed the company to change their cultural stance on risk.
Besides, all the relevant information is now available within the platform, so the team does not have to switch back and forth between tools anymore.
The reports provide accurate KPIs like:
- How long it’s taking to perform an assessment
- How long it’s been in queue
- Who sent it
- How many third-parties are flagged in a certain category
- Insights on breaches, scans, findings, and notes
Main takeaways of the experience implementing ThirdPartyTrust
“When we’re working on assessments, we need to show the value of what we have done – explain how we did it and why we think the risk is what it is. What’s nice about ThirdPartyTrust is having a platform that makes it easy to showcase internally and that’s also easy for our team to use”, concluded Carrie.
By having everything in one place, Take-Two managed to show so much value to the business.
To learn more about the ThirdPartyTrust and try it yourself, request your demo now: