Westfund is a regionally based, not-for-profit Australian health fund with a mission to put people over profits.
Luella Allan is the information security manager at Westfund. She oversees the company’s third-party security assessments and supplier due diligence for all current and prospective vendors.
The Challenge
Before UpGuard, Luella and her team sent lengthy paper-driven security assessments to evaluate each vendor’s security posture. Not only was this process frustrating and time-consuming, but it also had no way of benchmarking a vendor’s security posture against other vendors or industry standards.
“We had no way of determining the overall maturity of a vendor. So we had no way of estimating and comparing security maturity between vendors when going to tender.”
Because Westfund’s vendor assessment process was paper-based, the management process for each assessment was slow and inefficient, making it difficult to collate and track responses.
“It was tough, especially during the following up process. We needed to ensure all requested documentation was attached and compare it to what was provided previously. It's extremely laborious when you’re tracking everything with emails and spreadsheets.”
Westfund’s paper-based system was incapable of assigning a weight to each third-party risk, which meant the security teams had no way of identifying and prioritizing critical security risks.
“We couldn't estimate which security risks should be prioritized, so it was very hard to determine what required urgent attention when evaluating assessment responses.”
The Solution
Because Westfund stores large amounts of Personally Identifiable Information, Luella and the team were careful to consider only solutions that met their high security standards. The CIO of Westfund recommended UpGuard after reviewing the solution and identifying its potential for filling Westfund’s vendor security knowledge gaps.
Luella was particularly relieved to learn that the entire third-party risk management lifecycle could be managed within the UpGuard platform, eliminating the need for multiple solutions and the workflow interruptions that occur when switching between them.
“I love that I can plug in a URL to get an indicative rating, the ability to monitor security posture changes over a period of time, the ability to send questionnaires and then request remediation all from one platform. It’s so much easier than, you know, jumping off to send an email and then jumping back on.”
UpGuard has also removed any anxieties associated with tracking and maintaining compliance with CPS 234.
“If our regulators ever want to learn about the state of our third-party vendor security, we can very quickly and easily answer their queries. We can demonstrate that we’ve been monitoring vendor security during the onboarding process and throughout our entire relationship.”
While trialing UpGuard, Luella, alongside Westfund’s CIO and technical services manager, finally understood their third-party vendor security efforts with a level of clarity that had not been possible before. This “a-ha” moment was followed by a quick decision to sign up to the UpGuard platform.
The Result
UpGuard has significantly accelerated Westfund’s onboarding process, which means the company is now in a position to scale its operations both rapidly and securely.