This global leader empowers thousands of organizations in over 100 countries to enhance customer and employee experiences. Through its AI-powered cloud platform, it enables organizations of all sizes to deliver personalized, scalable experiences.
We sat down with the organization’s Head of Security Assurance and Third-Party Risk Manager to learn more about their UpGuard experience.
The Head of Security Assurance supervises third-party risk management, drives security strategy, and oversees stakeholder partnerships. The primary responsibilities of the Third-Party Risk Manager are to lead the TPRM program, conduct risk assessments, manage vendor relationships, and conduct ongoing vendor monitoring.
“We knew no one tool would be a silver bullet, but we were looking for a solution that met the majority of our requirements without too much extra customization. When we compared the tools, UpGuard came out on top.”
The Challenge
This organization’s third-party ecosystem is massive, and before using UpGuard, the company faced operational challenges regarding third-party risk management. During the infancy of its TPRM program, the company used a procurement database to keep track of its third-party records. This database worked well for their Procurement team but didn’t provide the insight necessary to comprehensively evaluate vendor security posture, track security performance over time, or identify real-time threats and vulnerabilities throughout the vendor lifecycle.
However, developing a robust TPRM program and calibrating it to monitor thousands of vendors can be a strenuous endeavor. Fortunately, the organization was already familiar with UpGuard. The organization’s Incident Response team was using UpGuard’s BreachSight product to monitor its attack surface. Having discovered UpGuard Vendor Risk, the company went to work and outfitted a formal TPRM program.
The Solution
The organization started to restructure its TPRM program. They immediately understood each vendor’s security posture better, utilizing UpGuard’s Security Ratings to gain a high–level measure of each vendor’s cyber risk. From here, the organization’s security team leveraged UpGuard’s Vendor Portfolio to quickly sort through a large list of legacy vendors, removing those that were no longer active and separating active vendors across different business units.
“What stood out to me most about UpGuard is its usability—just how intuitive it is. I can easily check vendor scores, create questionnaires, and assemble reports. UpGuard provides a more comprehensive solution for managing a third-party risk program.”
As the demands of the organization’s TPRM program grew, the team started using additional features of UpGuard Vendor Risk, including security questionnaires, risk assessments, and continuous monitoring. These features have empowered the company’s security team to develop a comprehensive TPRM program that successfully evaluates and monitors the security posture of vendors throughout the entire third-party lifecycle, from onboarding to offboarding.
In addition, the organization overhauled its reporting program using UpGuard. The team needed a tool flexible enough to craft tailor-made reports for a combination of stakeholders, including internal executives, external auditors, and customers. With UpGuard, the Head of Security Assurance and others on the team can consistently create customized report templates that utilize the exact insights and data their stakeholders want. These templates allow the team to quickly assemble polished reports on-demand in under a minute.
“UpGuard’s reporting feature really made a difference because you can easily tag and filter to get the exact types of data different people are asking for."
The Results
Overall, the effectiveness and accuracy of the organization’s TPRM program have increased significantly since onboarding UpGuard. The software company now has a fully calibrated team that manages over 1,000 vendors and uses UpGuard daily to perform vendor due diligence, conduct risk assessments, send security questionnaires, pursue remediation alongside vendors, and craft detailed stakeholder reports.
By using UpGuard and its toolkit of automated features and workflows, the organization’s security team has also significantly decreased the amount of time spent on essential TPRM tasks compared to approaching these same tasks manually. On average, the team saves eight to 10 hours per week by using UpGuard to streamline their vendor onboarding and risk management programs. Another area where the team has seen exceptional results is stakeholder reporting. Creating stakeholder reports used to take the organization hours, but now, with the help of UpGuard’s reporting templates, personnel can compile holistic reports in just a few minutes.
“UpGuard’s self-service questionnaires have enabled us to bring critical vendor analysis in-house, reducing our assessment SLA by 1-2 weeks per vendor. We’re also saving 2 hours per vendor in onboarding, risk management, and reporting, equating to approximately 8-10 hours per week in time saved.”
In addition to the information security team, other departments around the organization also rely on UpGuard for vendor risk insights and first-party security data. Today, UpGuard helps several teams at the company, from business compliance and customer care to incident response and enterprise architecture, complete essential tasks and secure the organization’s first and third-party attack surfaces.
“I use UpGuard all day, every day. I live in it.”
Throughout their experience with UpGuard, the Head of Security Assurance and the Third-Party Risk Manager have been impressed with the platform’s extensive range of features and the expertise and responsiveness of the Customer Success team. They’re both very appreciative of the team’s speed and the overall dedication customers receive.
In conclusion, the organization’s partnership with UpGuard has transformed its TPRM program, enabling the team to manage vendor risks and enhance overall security. The ease of use, robust features, and exceptional customer support provided by UpGuard have been instrumental in driving improvements across their organization, setting a new standard for third-party risk management.
“UpGuard’s customer service is great. We get a transparent and honest response when we propose or ask about an update. If the feature is achievable, they always make an effort to enable it.”