How Blackstone Assessed 3x More Vendors Than Before: Interactive Case Study

3 minute read

January 2019

Blackstone Assesses 3x More Vendors

CyberGRX Is A Force Multiplier for Third-Party Cyber Risk Management

A Force-Multiplier

With a rapidly growing business that includes a robust vendor ecosystem and portfolio of companies, Blackstone needed a force multiplier that would help them create an efficient, effective and scalable third-party cyber risk management program.

About Blackstone

Founded in 1985, Blackstone is one of the world’s leading investment firms. They seek to create positive economic impact and long-term value for their investors, the companies they invest in, and the communities in which they work. They do this by using extraordinary people and flexible capital to help companies solve problems. But it takes a solid ecosystem of partners to support their business. Blackstone has over 3,000 vendors themselves, while their portfolio, which includes over 100 companies, has tens of thousands of vendors.


In the first year partnering with CyberGRX, Blackstone anticipates it will assess 3x the number of vendors than were previously assessed.


In 2012 Blackstone initiated a third-party risk management program that consisted of spreadsheets and phone calls. As their business grew rapidly, with 4 to 6 vendors coming on every month, they realized that a program based on spreadsheets and phone calls couldn’t keep up.

This challenge wasn’t unique to Blackstone. Their entire portfolio, over 100 companies, shared the challenge of third-party risk management programs that weren’t scaling as quickly as the risks were growing. As Blackstone engaged with its portfolio to solve this common problem, it became apparent that most of the companies were using different methodologies to support their third-party risk programs, there was a lot of overlap among common vendors that were being assessed by multiple companies, and findings from assessments were rarely shared.

Blackstone was able to reduce resources by 50% and reallocate to strategic initiatives.

How CyberGRX Helped

CyberGRX’s platform has helped Blackstone create a more efficient third-party risk management program, arming them with greater insight into which risks need to be prioritized for mitigation. With CyberGRX, Blackstone is now able to risk rank their vendors so they can issue appropriately tiered assessments and get a clear understanding of which third parties pose them the greatest risk.

With a better understanding of which vendors to focus on, the advanced analytics of the CyberGRX platform has helped Blackstone prioritize the critical areas of risk and enables them to have risk-based discussions with their vendors and business partners.

In addition, once their vendors complete an assessment and post it to the CyberGRX Exchange, that assessment becomes available to any one of Blackstone’s portfolio companies who are also using CyberGRX. The Exchange model will significantly reduce the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio.


In the first year partnering with CyberGRX, Blackstone anticipates it will assess 3x the number of vendors than were previously assessed. Thanks to the efficiencies created by the CyberGRX platform, Blackstone has been able to reduce the resources allocated to their previously inefficient assessment process, from 1 to .5 FTE, and focus those resources on risk management, reduction, and mitigation efforts, instead of the tedious work of swapping spreadsheets and making extended phone calls with vendors. With the CyberGRX platform up and running, Blackstone will now have continuous insight into the threats posed by their ecosystem, without adding additional overhead.

CyberGRX is a force multiplier for our third-party cyber risk management program. In just the first year, I anticipate we will be able to assess 3x more vendors than we assessed last year and reallocate the resources saved to true risk management and mitigation efforts.

– Adam Fletcher, Blackstone CISO

Request A Demo

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit