Incorporating Content Services into Your Vendor Risk Management Assessment Process
Companies are continually searching for ways to improve the quality of their third-party risk due diligence and ongoing assessments. Leveraging content from third party content providers in a solution like ProcessUnity is one mechanism that can be leveraged to achieve that goal.
ProcessUnity partners with content providers that supplement or augment components of the third-party due diligence process. In trying to provide our customers with as many options as possible, ProcessUnity currently has partnerships with Argos Risk, Dun & Bradstreet, NominoData, RapidRatings, SecurityScorecard, Shared Assessments and Refinitiv.
By adding these feeds into our platform, we’re providing our customers with additional data points about a third-party vendor’s risk profile – in a single view as opposed to needing to sign into multiple technologies for different feeds.
When assessing risk, the more information the better. Content feeds can provide a company with additional, invaluable information in the areas of financial health and cyber security, as well as sanctions, watch lists and adverse media searches. The date provided can save time up front in the initial assessment process, as well as notify partners of issues in between periodic vendor reviews.
For example, let’s say a very large healthcare provider is conducting inherent risk assessments of a vendor services. Dun & Bradstreet would be a sample partner that would provide them with financial health scores. Receiving the content feed would give the company insights on these third-party organizations regarding their credit ratings, credit health, potential for bankruptcy down the road, etc. This assists with establishing inherent risk up front without ever even having to contact these potential third parties. Companies can make an initial assessment on a potential business partner right up front if there is a blemish big enough to cross a certain risk threshold.
These feeds can also help with ongoing risk assessments. Companies can’t continuously send surveys or assessments to third parties, but with these automated feeds, they can review their financial data, touch their technology systems with greater frequency. If something changes, notifications can be triggered and the company can either reach out and follow up to get clarity into what triggered the notification, conduct another assessment or even go on-site.
The content providers are continuously monitoring, updating and providing notifications when key data points change to alter a company’s risk profile. Subscribers may opt to receive updated feeds with notifications of changes to risk areas of concern. Companies can set up the frequency ProcessUnity receives updates to the content feeds. For example, the company may choose to update the content feed for a high-risk third party on a weekly basis. If the critical score from the content provider changes and requires actioning, a notification can be sent to the company to conduct their appropriate review of the change. The frequency of content updates can be configured to liking of the ProcessUnity customer.
To learn more about ways to enhance your vendor risk management program’s due diligence process, watch Vendor Due Diligence – Keep the Risk Out!