Our new Vertafore case study shows how a digitized process to respond to security reviews reduced the time to completion to 24 hours.
Vertafore delivers InsurTech solutions to connect every point of the insurance distribution channel. With an ever-growing customer base, they were inundated with due diligence requests and long custom questionnaires, and found themselves answering the same questions over and over again. So the team was looking to replace the manual process and the email dependency when answering to customer security requests.
With Beacon by ThirdPartyTrust, they were able to build a single security profile to centralize all their documents, inviting customers to see them with the click of a button. They now onboard between 10 and 20 new customers every week.
After evaluating other tools in the market, she realized that as a modern, SaaS, network-based platform, ThirdPatyTrust tackled third-party risk management from a fresh lense. Traditional, large companies have a solid purpose, but they’re tackling up functionality to an existing framework that may or may not work, like GRC systems that add features to track risks and questionnaires into a “magical” system; but they tend to be too intensive, and there’s too much upkeep required.
The improvements on day-to-day operation
The team at Vertafore now feels they’re not holding customers back to complete the vendor due diligence review, which is a pretty significant improvement from a customer satisfaction perspective. They actually get a lot of positive feedback on how easy it is to use and move around.
Customers can now pull down what they need from Vertafore’s Beacon profile and set a series of email requests throughout the year for specific documents, so they can get what they need when they need it.
Instead of dedicating 100% of her time to answering assessments and due diligence documentation replies, Michelle now dedicates 25% of her time to those same tasks. The rest of her hours can be focused on higher value activities, allowing her to make data-driven decisions to improve the overall TPRM strategy.
The new process had a positive impact across the organization, including Sales, Support, Security, Finance, and Legal, as all teams can now find security artifacts in a single repository. Vertafore even modified their contract language to reference “Beacon Service” as their vendor security profile. If a customer is not willing to use the platform, Vertafore might charge them time and materials on an hourly professional services rate.
Furthermore, Vertafore executives really praise ThirdPartyTrust and include it in their presentations as a key ally, due to the efficiencies that it’s driven. The most strategic opportunity they got was to reduce the manual work, and move away from answering custom questionnaires.
The Beacon profile can host all security questionnaires, certifications and attestations, such as: SIG Core and Lite, Cloud Security Alliance CAIQ, SOC reports, ISO certifications, HiTrust, pentests, insurance documentation, and more.
As closing words, Michelle stated:
To learn more about how ThirdPartyTrust can help you streamline your TPRM program, request your free trial now: