Wesley Mission Queensland (WMQ) is a not-for-profit community service provider that offers community support, mental health services, aged, disability and palliative care, and retirement living across Queensland. WMQ operates as a mission activity of the Albert Street Uniting Church to provide accessible and flexible services to older people, those living with a disability or mental illness, Aboriginal and Torres Strait Islanders, and vulnerable children and families.
WMQ has a security team within its Business Services Group whose primary responsibilities are to perform third-party security and vendor assessments, as well as conduct vulnerability scans and monitor the security posture of the company.
The Challenge
Before using UpGuard products, WMQ used a manual vendor monitoring process with lengthy procedures and multiple spreadsheets. The procedure involved sending multiple, basic questionnaires so the security team could perform manual risk assessments and provide a brief report to stakeholders and management.
“We had basic questions regarding business processes and security controls, but wanted to go deeper to provide high-level reporting that provided clarity into the vendor.”
Once the team at WMQ received the questionnaire answers, they would have to manually copy and paste the responses into their own spreadsheet which was time consuming.
Additionally, WMQ wanted to increase the level of detail in their questions to assess infrastructure or application security for each vendor.
The Solution
WMQ introduced the UpGuard platform primarily for third-party and vendor risk assessments. During the risk evaluation process, the security team can run an instant security rating to view the entire risk profile and historical risk trend line to determine if the vendor has adequate security controls. They also use the custom questionnaires to tailor to the specific business type of the vendor.
“Now that we use UpGuard, we have a lot of the information required before we begin the assessment process. UpGuard provides instant security reports before the questionnaires are sent out.”
UpGuard’s automated scanning process can also quickly identify the domains and IPs that were at risk so WMQ can assess if the vendor is keeping up with their security requirements or if they can just waive the risk. UpGuard’s platform can also store questionnaire responses in one centralized library for easy access during re-evaluations.
“The vendor onboarding process was very straightforward and easy using the UpGuard platform. The UpGuard application tools, functionalities, and navigation are all very clear and new features are easily implemented.”
The security team at WMQ also uses the UpGuard platform to generate monthly BreachSight reports on their own security posture. The team monitors their own security and is able to compare it to similar organizations and competitors to ensure they are exceeding the standard. If the team finds any immediate internal security issues, they can immediately send the scan reports to the ops team for remediation.
The Result
After implementing UpGuard into their security processes, WMQ was able to see significant improvements in reporting, scanning, and assessment processes within the first 3-6 months.
“If last minute reports are needed, the team can use UpGuard to save significant time to expedite the process. In one example, the security team was able to send out a questionnaire in the morning and create an executive report by the same evening.”
When new features like reporting functions, vendor risk tiering, and new risk metrics are introduced, it’s quick and easy to implement into their own security procedures. The IT team has also begun to use the executive reports to provide high-level insight and metrics to stakeholders and management team.
Furthermore, WMQ has quarterly meetings with the Customer Success Team to learn how to use the new features which is extremely helpful for them. Being able to quickly access technical support as they need it has also been a huge benefit for the WMQ team.