Taking careful steps to trust third-party vendors

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

Feb 06, 2017

Taking careful steps to trust third-party vendors

PwC assisted a large global retailer with the establishment and operation of a wide-ranging third-party vendor management program to meet compliance requirements and to reduce operational risk.

Client’s challenge

Meet compliance requirements and reduce risk across its worldwide vendor and supplier portfolio

  • The company needed to quantify and reduce risk by assessing its vendors under the Payment Card Industry (PCI) Data Security Standard (DSS).
  • Internal resource constraints coupled with the complexity and speed of compliance-related changes were hindering its attempts to meet compliance obligations and reduce risk.

View more

PwC’s solution

Helping to establish a third-party risk management program to vet and monitor vendors by:

  • Identifying and stratifying vendors based on the level of access to the company’s infrastructure and sensitive data.
  • Developing standardized questionnaires to assess vendors and ranking them according to risk profile.
  • Building a project management office and helping to implement processes that can scale across thousands of vendors.

View more

Impact on client’s business

  • The company has vastly improved its visibility into its vendor portfolio.
  • It is managing risk more efficiently and is better positioned to respond quickly to evolving regulatory and other compliance requirements.
  • Future vendors will be assessed during contract negotiations, enhancing the ability to meet compliance requirements and manage and reduce risk.

View more

"Our goal was to help both the company and its vendors improve their communication and compliance and, in doing so, mitigate the risks for everyone involved."

Contact us

Scott Greenfield

Scott Greenfield

Digital Risk Solutions Leader, PwC US

Todd Bialick

Todd Bialick

Deputy Risk Assurance Leader, PwC US