One of the largest insurance companies in the world was faced with an inconsistent, manual approach to assessing supply chain partners, which restricted visibility and increased security risks. By implementing the Prevalent Third-Party Risk Management Platform and leveraging Prevalent Vendor Risk Assessment Services, this under-resourced team exceeded its goals and achieved a measurable return on investment.
A global insurance company with over 500 suppliers was struggling with an inconsistent, manual approach to conducting third-party risk assessments. Because the process was spreadsheet-based, the team of three people responsible for vendor risk assessments at the time was not able to scale their program to assess new suppliers.
The assessment team was also challenged to adapt their ISO-based questionnaire to the organization’s specific needs – without burdening assessors with excessive interpretation requirements.
The company chose Prevalent to address their supplier assessment challenges. Prevalent’s Vendor Risk Assessment Services helped to establish a consistent and repeatable assessment process, build a standardized questionnaire to gather necessary data, and centralize all suppliers in the Prevalent Platform.
First, Prevalent utilized the profiling and tiering capabilities available in the Platform to identify 50 critical, tier-1 and tier-2 suppliers out of the total population. Prevalent then augmented the existing team by collecting all assessment data from these critical suppliers in under four months, markedly streamlining supplier collaboration.
Next, Prevalent conducted remote reviews to validate the assessment responses and controls reported by suppliers. Finally, the Prevalent ROC team met regularly with the client team to ensure assessments were on track, that key performance indicators (KPIs) were being met, and that the company’s risk assessment processes were continually maturing. “We haven’t experienced that level of partnership before,” said the company’s information security advisory services manager. “Prevalent’s level of engagement was out of this world.”
Having this solid foundation in place has enabled the team to expand their supplier risk management initiatives. Because they have Prevalent managed services to support them, they can now:
The company has seen tremendous return on their investment with Prevalent. They now have a third-party risk management platform that fits their needs, managed services to help them with process and scale, and the knowledge and skills needed to bring supplier risk assessments back in-house.
With Prevalent’s support, the team is now able to assess 800 suppliers with an expanded team of five. They have also improved their supplier assessment coverage from 30% to 100% of tier-1 suppliers, 80% of tier-2 suppliers, and 70% of tier-3 suppliers – amounting to an 85% overall improvement.