START logo

One of our Clients is one of the 5 most valuable companies globally.

They are headquartered in California and offer hardware, software, and services worldwide. The Client employs over 80,000 employees.

Third-party risk management

THE CHALLENGE

The continuously growing business scale brought the Security Team of 10 to managing an ever-growing army of vendors. The number of vendors quickly exploded from 10,000 to 30,000 vendors within several years. The team used spreadsheets and emails to facilitate Vendor Risk Management, and the situation was becoming unmanageable.

Team members spent most of their time looking for data, monitoring statuses, and tracking down where everything was. It took them 2-3 weeks to compile standard reports. Countless emails, requests, and remediations clogged their inboxes and killed productivity.

The Client believed that a leading global brand could do better and reached out to ISE to discuss potential solutions.

FACING SIMILAR CHALLENGES?
LET US ADDRESS THEM TOGETHER!

THE SOLUTION

The challenge of this scale requires an approach that covers all the bases and facilitates every related process. START VRM offered the Client a comprehensive solution for their Vendor Risk Management program, from vendor onboarding to remediations and regular reviews.

The introduction of START VRM allowed the team to set up a consistent vetting process for new vendors. “Pre-set controls and questionnaire templates allow us to breeze through the New Service Provider creation steps,” says the Head of Security function.

Our Client's suppliers benefited from this new workflow as well. “We now always have a clear understanding of what is required within the assessment. It’s clear where we stand at the moment.” was a comment that the team has received repeatedly after the introduction of START VRM. 20+ suppliers stated “No need to send follow-up emails anymore” as the main benefit for them.

Our client now has more thorough visibility into the assessment process as well as the ability to flag issues as they surface. This formalized issue tracking allows our Client to know exactly what is going on with each vendor assessment in real-time.

The remediation flow was upgraded with action lists and transparent tracking of their progress. This upgrade brought a significant improvement in remediation speed.

Reporting underwent a complete overhaul as well. Native logic and features replaced all of the tedious, manual reporting processes that plagued their previous workflow. Extensive customization allows the team to access the data efficiently whenever they need it.

Introducing START VRM allowed their Security Team to achieve ground-breaking results.

TIME TO AUTOMATE
YOUR VENDOR RISK
MANAGEMENT PROGRAM

THE RESULTS

START VRM completely transformed Third-Party Risk Management for our Client. It transformed tedious, manual work into intelligent processes with easily accessible data.

  • The reports that used to take 2-3 weeks to deliver are now instantly available in a few clicks.
  • Data is instantly accessible for analysis.
  • Dynamically constructed assessments save time and facilitate the vendor onboarding process.
  • The vendor can now triage remendiation requests faster, and more efficiently.
  • Simplified communication with vendors within START VRM substituted all emails and calls.
  • Automated follow-ups save the team over 15% of their valuable time.
  • The new workflow effectively decreased their number of emails by 40%.

TAKE THIS
SUCCESS STORY
WITH YOU

7 STEPS TO BUILDING AN EFFICIENT VENDOR RISK MANAGEMENT PROGRAM
...

Since 2005, we’ve published research on hacking everything from cars to medical devices to password managers to cryptocurrency wallets to IoT devices. We were the first to hack the iPhone and first to hack Android OS. ← We know how attackers think, operate, and break systems; this expertise is woven into every consulting engagement.

...

Some of the largest technology companies in the world lean on us as security experts, including Apple, Amazon, Google, Microsoft, Disney, Netflix, Qualcomm, and more. ← You should too.

...

You’ll find us all over the major security research conferences in the world, from DEF CON to Black Hat to RSA. Whether we’re there as speakers, organizers of IoT Village, or simply attendees, we work our butts off to relentlessly study the attacker and get better. ← You instantly capture this never ending progress.

Proven Security Experts

You need to understand how attackers think. How they operate. How they’ll break your system.

We know how you feel.

From newly funded startups to Fortune 10 enterprises, we’ve helped companies of many varieties overcome these same security challenges. We’ve published security research on solutions across a range of systems, including cars, phones, IoT, password managers, medical devices, blockchain, AI, AR, and more. You need a partner who can help you find and fix your vulnerabilities. Who can help you get better.

You’re in the right place.

Let's Talk Security

Whether you need testing, consulting, or simply some advice: we're here to help.