Vertafore delivers InsurTech solutions to connect every point of the insurance distribution channel. With an ever-growing customer base, they were inundated with due diligence requests and long custom questionnaires, and found themselves answering the same questions over and over again. So the team was looking to replace the manual process and the email dependency when answering to customer security requests.
With Beacon by ThirdPartyTrust, they were able to build a single security profile to centralize all their documents, inviting customers to see them with the click of a button. They now onboard between 10 and 20 new customers every week.
Download the full case study to discover more facts & figures about the TPRM use case:
“We had a very manual process responding to all of our customer requests for due diligence via email, which obviously was very difficult to manage and took a lot of time to process everything”, said Stephanie Hilker.
There was no security around this process and it required a lot of extra review on their side to make sure customers were getting the right artifacts and the right follow up questions. On top of that, sometimes the Sales team would save documents locally and send out outdated versions.
Selecting Beacon by ThirdPartyTrust
According to Michelle Covert, Governance Risk & Compliance Manager, “ThirdPartyTrust was an easy win”. The team only had to upload a file to their Beacon profile, populate a questionnaire, and keep documentation up to date.
She highlighted the following characteristics from ThirdPartyTrust:
- Ease of use
- Easy implementation
- Light footprint in the network
- SSO and end-to-end encryption
After evaluating other tools in the market, she realized that as a modern, SaaS, network-based platform, ThirdPatyTrust tackled third-party risk management from a fresh lense. Traditional, large companies have a solid purpose, but they’re tackling up functionality to an existing framework that may or may not work, like GRC systems that add features to track risks and questionnaires into a “magical” system; but they tend to be too intensive, and there’s too much upkeep required.
The improvements on day-to-day operation
The team at Vertafore now feels they’re not holding customers back to complete the vendor due diligence review, which is a pretty significant improvement from a customer satisfaction perspective. They actually get a lot of positive feedback on how easy it is to use and move around.
Customers can now pull down what they need from Vertafore’s Beacon profile and set a series of email requests throughout the year for specific documents, so they can get what they need when they need it.
Instead of dedicating 100% of her time to answering assessments and due diligence documentation replies, Michelle now dedicates 25% of her time to those same tasks. The rest of her hours can be focused on higher value activities, allowing her to make data-driven decisions to improve the overall TPRM strategy.
The new process had a positive impact across the organization, including Sales, Support, Security, Finance, and Legal, as all teams can now find security artifacts in a single repository. Vertafore even modified their contract language to reference “Beacon Service” as their vendor security profile. If a customer is not willing to use the platform, Vertafore might charge them time and materials on an hourly professional services rate.
Furthermore, Vertafore executives really praise ThirdPartyTrust and include it in their presentations as a key ally, due to the efficiencies that it’s driven. The most strategic opportunity they got was to reduce the manual work, and move away from answering custom questionnaires.
The Beacon profile can host all security questionnaires, certifications and attestations, such as: SIG Core and Lite, Cloud Security Alliance CAIQ, SOC reports, ISO certifications, HiTrust, pentests, insurance documentation, and more.
As closing words, Michelle stated:
To learn more about how ThirdPartyTrust can help you streamline your TPRM program, request your free trial now: