Meet compliance requirements and reduce risk across its worldwide vendor and supplier portfolio
- The company needed to quantify and reduce risk by assessing its vendors under the Payment Card Industry (PCI) Data Security Standard (DSS).
- Internal resource constraints coupled with the complexity and speed of compliance-related changes were hindering its attempts to meet compliance obligations and reduce risk.
Helping to establish a third-party risk management program to vet and monitor vendors by:
- Identifying and stratifying vendors based on the level of access to the company’s infrastructure and sensitive data.
- Developing standardized questionnaires to assess vendors and ranking them according to risk profile.
- Building a project management office and helping to implement processes that can scale across thousands of vendors.
Impact on client’s business
- The company has vastly improved its visibility into its vendor portfolio.
- It is managing risk more efficiently and is better positioned to respond quickly to evolving regulatory and other compliance requirements.
- Future vendors will be assessed during contract negotiations, enhancing the ability to meet compliance requirements and manage and reduce risk.