"Fewer than half of all respondents say that their organization has established security baselines for external partners, customers, suppliers, and vendors (43%) or requires third parties to comply with internal privacy policies (37%)"
- PWC Global State of Information Security Study

 


 


Vendor Risk


Managing risk that is inherited from 3rd party service providers and vendors is a key concern in financial services, and in many other industries including healthcare and manufacturing. The Avior BenchMark solution provides a complete automated Vendor Risk Assessment capability. To truly understand how your vendors' risk affects your organization, it must be viewed and assessed across many disciplines. The most common view is IT Security, but it should not stop there. Privacy, ability to provide service levels, financial performance, compliance with your regulatory environment, and even compliance with their regulatory environment are all disciplines that need to be reviewed in order to have a holistic view of your downstream risk. Many of these risks are people- and process-oriented and are only discovered through the assessment and audit process.

Financial industry regulations such as Gramm-Leach-Bliley require financial institutions, insurance companies, securities firms, and other financial organizations to manage and assess risk, including from service providers. Regulators in the banking and securities industries have developed additional compliance guidelines in the form of the FFIEC Interagency Guidelines. This regulatory guidance provides specific requirements for performing 3rd party vendor risk assessments. In addition, outsourcing providers who handle personal non-public consumer data (PII) on behalf of a financial institution or insurance firm present information privacy compliance concerns. Many of the significant public security breaches in the past few years involved service providers who exposed personal information of their clients' consumers.

With widespread use of 3rd party vendors and service providers in the financial and other industries, adequately assessing and managing risk is a costly and difficult process. Some of the key challenges include:

  • Manual risk assessments using spreadsheets and Word documents are inefficient and cumbersome, and the data that is developed is not easily used in risk management or remediation
  • Service providers and vendors are inundated with assessment requests from their clients, requiring them to answer similar questions in different formats
  • Tracking remediation tasks required of vendors, and determining your organization's compliance status on a day-to-day basis is nearly impossible
  • The time and expense required to assess vendor risk is considerable, particularly for large and mid-sized financial organizations, who may have hundreds or thousands of service providers

The Avior Vendor Risk Management Knowledge Module is a complete, tailored solution for assessing and managing vendor risk. Avior's Vendor Risk Management Knowledge Module provides pre-built questionnaire templates, workflows, and reports based upon these standards. BenchMark provides numerous features that ease the vendor risk assessment process, including role-based access privileges that will allow an authorized vendor representative to easily designate and create new users with responsibilities for sub-parts of questionnaires.
The Avior BenchMark solution for Vendor Risk Management benefits financial institutions and service providers alike:

  • Assessments are easily performed via a web-based user interface
  • Time and cost associated with the vendor risk management process are greatly reduced for all parties
  • Data collected via the assessment process is usable by the organization for risk management reporting and decision-making, and for remediation management
  • Questionnaire response data from each service provider is captured in a standard format, and is easily reused to respond to additional assessment requests
  • With Avior’s web services library, ClearView - Automated Compliance Matrix, a single questionnaire's results are automatically mapped into multiple regulations and standards, eliminating the overlapping questions and “survey fatigue” of your vendors.

Managed Vendor Risk Service

Avior Computing also offers a Managed Vendor Risk Assessment Service. For organizations that are required to assess and manage vendor risk, this new service can reduce the burden of vendor risk management. Avior and our consulting partners can provide vendor risk management services, including designing effective assessment questionnaires, conducting third party risk assessments, analyzing and reporting on results, and much more.