Organizations can lose sight of the fact that you can outsource a function to 3rd parties, but ultimate responsibility for all compliance requirements remains with them. Choosing the right approach to make sure vendors are secure has never been so essential. Although beneficial, outsourcing an organization’s vital functions presents risks, the most pronounced being legal, financial, operational and reputational risks. Vendor Risk Management is a process used to plan, assess and mitigate these risks that third-party vendors present.
Organizations regulated by PCI DSS, Basel Laws, HIPAA, GLBA and other regulations have to ensure that the vendors accessing their assets and systems are compliant with the relevant regulations.
ProcessUnity Vendor Risk Management helps companies effectively identify and mitigate risks posed by 3rd party service providers in critical risk areas such as information security, service delivery, supply chain processing, financial processing, reputation, and regulatory compliance. ProcessUnity enables companies to gain clear visibility into the business impact of third-party risk through its direct links from vendors to specific business elements such as processes and lines of business and to its third-party services catalog. ProcessUnity also provides secure storage of vendor-related documentation. Powerful assessment tools enable evaluation of vendor performance based on customer-defined criteria through automated, questionnaire-based self-assessments as well as through detailed audits of vendor controls. Flexible reports and dashboards enable ongoing monitoring of vendor ratings, assessment progress, and status of remediation activity.
- Build and maintain a definitive third-party service catalog with linkage to securely-stored third-party documentation.
- Issue and analyze the responses to third-party self-assessments. Conduct detailed audits of third parties based on self-assessment findings and other customer-defined assessment criteria.
- Link results and action items from third-party evaluation and assessments to specific risks, controls, compliance requirements, and areas of the business.
- Monitor resolution of action items and capture related impact on third-party risk and compliance ratings.
- Mitigates Vendor Risk through more comprehensive vendor assessments
- Save time and cut the costs of generating, distributing and collecting vendor questionnaires
- Simplify tracking of vendor responses
- Increase management’s visibility to potential third party compliance issues
- Eliminated redundant and potentially erroneous vendor data
- Consolidate your vendor and contract info in one easy-to-use application, accessible anywhere and anytime
- Flexible, Configurable Solution for creating custom questionnaires, allowing vendors to complete surveys online and easily submit responses electronically – puts an end to managing paper forms and arrays of spreadsheets
- Custom Questionnaire Templates with any number of sections, questions and response types (Yes/No, multiple choice, select all that apply, freeform text, and a variety of numerical response types). Other features include question guidance (tooltips and sub-text), support for requesting additional comments and related documentation, auto-generated issues based on question response, analyst instructions for the review process, and configurable scoring algorithms for individual findings and the overall assessment itself.
- Import Templates to get started by preloading vendor data and existing questionnaires.
- Automated Assessment Workflow that includes questionnaire distribution, completion, and response submission. Vendors complete the questionnaires directly within the secure ProcessUnity environment, providing responses, optional comments, and the ability to easily attach supporting documentation.
- Proactive Notification and Collaboration Support provides the necessary automated communication vehicles to keep vendors and analyst teams engaged during the assessment process.
- Analyst Review allows analysts to review responses and add notes, raise issues, add findings, track status, determine remediation, and run final reports.
- Comprehensive Reporting for viewing vendor and service information including related risks, vendor assessment summary/status/timetables, Issues and Project tracking, Findings reports and charts, etc.
- A powerful custom reporting facility for unique, ad-hoc requirements.
ProcessUnity Vendor Risk Management (Third Party Assurance) Demonstration. Condensed video taken from a recent ProcessUnity webinar. Visit ProcessUnity.com or contact us for customer case study, risk assessments, vendor scorecards and surveys.