An Ode to Narcotics
I admit, the title of this blog was written to grab your attention. But it was also legitimately inspired by recent personal events. About a month ago, my daughter underwent shoulder surgery, and given her multiple shoulder injuries over the years, it was an extensive procedure that involved bone graphs and several medical terms I don’t understand and can’t pronounce (or spell). We brought her home with a collection of Schedule II narcotics that would make the members of Aerosmith (circa 1978) salivate.
For about 3 days, she was barely coherent, but those pills took the pain away. Now thankfully limited to some Tylenol and a steady diet of Netflix, she’s the proud owner of, effectively, a brand new shoulder – better than new according to her surgeon – all without the pain (at least most of it) that would be intolerable without those miracle pills.
I really shouldn’t be equating Prevalent’s new Synapse Exchange evidence-sharing, risk management platform to potentially addictive hallucenigentic pharmaceuticals, but, frankly, I’m about to do just that.
In a world where the concept of vertical integration is anathema, and all successful organizations depend on extensive ecosystems of vendors for products and services critical to their operations, successfully managing third party (vendor) risk, especially to sensitive data, is unavoidable.
But real, substantive vendor risk management is hard, time-consuming, resource intensive…painful. The security controls and operational policies of vendors need to be understood and analyzed, a process that requires vendors to provide extensive data (“evidence” in the lexicon of the community). Multiple, simultaneous communications with dozens, hundreds, and in some cases, even thousands of vendors must be initiated, tracked, and coordinated with multiple members of the organization. Sadly, to date, there are no shortcuts available to circumvent this process. Either you take the management of vendor risk seriously, or you don’t.
With Synapse Exchange, however, you can now have your cake and eat it to (or to remain true to the blog’s metaphor: you can have your new, stable, shoulder back, without the excruciating pain).
Synapse Exchange does the dirty work for your organization. The vendor data is collected and validated, risk-scored, and made available to participating Exchange organizations with about 3 clicks of the mouse. Details of the evidence collection are presented in an easily consumable application. Housed in a secure environment, Prevalent’s moderators handle all the NDA and legal requirements understandably important to vendors. The platform is questionnaire-agnostic. SIG, SIGLite, DDQ, etc….no problem. Want access to a document like a HITRUST certification or SOC 2 report? If the vendor has it, we can make it available on your Synapse platform.
When you join the Synapse Exchange, you not only have immediate access (with vendor approval, of course) to the evidence provided by hundreds of vendors (soon to be thousands), but you also, literally, have the robust, feature-rich Prevalent Synapse 3rd Party Risk Management platform at your fingertips. You can track and manage all your vendors, run analytics, compare risk scores, launch your own assessments and Findings, and avail yourself of any number of platform features.
Being asked by your customers to provide controls information? Has responding become a burden? No problem for Synapse Exchange participants. You can add your evidence to the Synapse Exchange repository, point your customers to it, and get back to the business of building your business.
Think of the Synapse Exchange as the Oxycodone of 3rd Party Risk Management.
On second thought, maybe I should stick with the “have your cake and eat it too” thing.