With this rapid expansion comes increased complexity—particularly when it comes to cybersecurity. Handling millions of customer transactions every month, the company must ensure that its vast network of third-party vendors meets the highest security standards. But their existing process for third-party risk management (TPRM) was becoming a liability.
Challenge: Securing Sensitive Patient Data in a Rapidly Expanding Retail Environment
“Before UpGuard, everything was manual and ad hoc,” says Andrew Morton, Head of IT GRC and Assurance.
“We were relying on spreadsheets, emails, and a lot of back-and-forth to assess vendor security. It was slow, inconsistent, and frankly, a nightmare to manage at scale.”
Chief Information Security Officer Nigel Hedges experienced the consequences firsthand. “We handle vast amounts of sensitive personal and patient data, including prescription records. If a vendor’s security posture is weak, it could expose us to regulatory risk and reputational damage. We needed a solution that would streamline risk assessments and ensure compliance without slowing the business down.”
For Nigel, the decision to implement UpGuard was not a leap into the unknown. “I first onboarded UpGuard at a previous company after a multi-million-dollar contract failed due diligence. We needed a solution that could quickly assess vendor risks, and UpGuard delivered. Since then, I’ve implemented it at multiple organizations because of its efficiency and usability.” His confidence in the platform made it a natural choice for Chemist Warehouse.
Solution: Intelligent Third-Party Risk Management with UpGuard
Recognizing the need for a more efficient and scalable approach, Chemist Warehouse turned to UpGuard’s third-party risk management platform. Beyond the automation, it was the platform’s usability and breadth of features that stood out.
“UpGuard is our one-stop shop for third-party risk management,” Andrew explains. “The ability to automate risk assessments, track vendor security postures in real-time, and customize questionnaires makes the process seamless. It eliminates the endless email chains and confusion.”
One of the most game-changing features was UpGuard’s passive scanning technology.
“The scanning tool gives us an instant, external view of a vendor’s cybersecurity posture before we even begin a full assessment,” says Nigel. “It’s a massive time saver. Instead of waiting on vendors to provide security documentation, we can proactively spot red flags.”
Another favourite feature is the dynamic questionnaires, which adjust based on vendor responses. “We’re not just getting generic security checklists,” Andrew notes. “The platform intelligently adapts, asking the right follow-up questions to get meaningful insights into a vendor’s risk exposure.”
Nigel highlights the clarity and ease of reporting.
“Executive teams don’t want to see raw security data—they want insights. UpGuard gives us structured, visual reports that make it easy to communicate risk levels to leadership and drive decision-making.”
Impact: Cutting Assessment Time by 75% and Keeping Pace with Business Growth
The results were immediate. UpGuard has cut vendor assessment time by 75%, allowing the security team to move from cumbersome, manual processes to a streamlined, automated workflow.
“What used to take us a month to complete can now be done in a week,” says Nigel. “That’s a 400% increase in productivity, and it means we can assess vendors much more quickly and keep pace with the business.”
Beyond the time savings, UpGuard has fundamentally changed how Chemist Warehouse approaches risk management. “Before, we were in the dark about vendor risk. Now, we have real-time insights,” Andrew explains. “We’re no longer reacting to security issues—we’re staying ahead of them.”
This newfound visibility has also improved supplier engagement. “Instead of security feeling like a roadblock, we can work with vendors more collaboratively,” Nigel adds. “We’ve seen vendors proactively remediate security issues based on UpGuard’s insights and even request reassessments once they’ve improved. That’s a massive win for us.”
The security team has also harnessed UpGuard’s capabilities beyond third-party risk management, with UpGuard Breach Risk. “We now use UpGuard to scan newly launched websites before they go live,” Andrew shares. “It’s become an invaluable tool for ensuring our own security posture remains strong.”
Looking Ahead: Scaling Security with Confidence
As Chemist Warehouse continues its international expansion and grows its vendor ecosystem, third-party risk management remains a top priority. “We’re only going to be working with more vendors, not fewer,” Andrew notes. “UpGuard gives us confidence that we can scale securely.”
Nigel sees UpGuard as an essential long-term partner. “The platform keeps evolving, just like our business. UpGuard listens to customer feedback and continues to improve—something you don’t always see with security vendors.”
Head of IT GRC and Assurance
We’re experts in securing data breaches and data leaks
