How to Gain Control of Third-Party Risk: A Case Study
By Sarah Nord
Identifying and managing risk within your own organization is challenging enough. When you add a diverse array of third-party relationships, the picture becomes exponentially more complex. Vendor risk management (VRM) professionals have the challenging task of uncovering and analyzing risk to prevent another company’s issues from becoming their own.
I recently interviewed Paul Henriques, director of third-party security at Intarcia, about his company’s forward-thinking approach to VRM. Here’s how he described his business function:
“My team reviews all of our partners to understand their risk posture. We look to see if they have a security program and established policies that align with our own internal standards.”
When Henriques joined Intarcia, his team was using spreadsheets and manual processes to handle their day-to-day activities. With information coming from many directions, he saw an opportunity to improve efficiency, and he began the search for a better solution.
That search led him to Onspring.
“Onspring allows us to aggregate our partners and manage all associated risks with those relationships. It drives the automation of these processes.”
Intarcia now has a well-managed, well-documented Vendor Management system that allows them to:
- Deliver electronic surveys to third-parties
- Risk-rank and categorize responses
- View a partner’s risk posture at a glance
- Perform annual reviews of partner relationships
The major wins? Control, visibility and self-sufficiency. Henriques summed it up this way:
“Onspring allows us to focus on our core mission of risk mitigation instead of managing the software itself.”
If you’d like to learn more about Intarcia’s approach to vendor risk management, I invite you to download the case study. Special thanks to Paul Henriques for sharing his story.