ALI Group is an Australian-based insurance distribution company that helps protect Australian home and property buyers from financial hardship. By partnering with mortgage brokers, ALI Group has protected over 220,000 customers since commencing operations in 2003.
Lance To is the current IT Manager at ALI Group and manages the network and IT infrastructure, IT regulatory compliance, IT support, and vendor risk.
Before UpGuard, the vendor risk management process at ALI Group was very manual and involved doing a web search on publicly available information to check for any prior security breaches or cyber incidents. They did not have dedicated solutions or a direct process for assessing new vendors to determine their security posture or IT regulatory compliance.
In addition, each vendor had to be reviewed separately, and there was no method of comparing vendor security against each other. Some vendors were reviewed based on their Gartner or Forrester reviews, which were not the best sources to reference due to a lack of details of security postures. Security questionnaires also lacked substance and often took a significant amount of time to complete and send back.
Once vendors were chosen, a manual process involving email and computer folders was used to store documentation of compliance standards, such as ISO 27001 or SOC 2 compliance certifications.
Using UpGuard BreachSight, ALI Group continually monitors its external security posture by scanning for vulnerabilities and risks. Because ALI Group regularly deals with APRA-regulated entities and insurers, any red flags or alerts need to be immediately fixed and remediated to stay compliant with rules from their insurers. In fact, Lance’s first experience with UpGuard was as a third party vendor, when one of ALI Group’s larger insurers, who was also an UpGuard customer, sent Lance a security questionnaire.
“It’s important for us to monitor our vulnerabilities and security ratings because our insurers expect us to effectively protect and secure their data.”
One of the most helpful features that Lance and his team found was the security questionnaires, which he found extremely interactive and insightful. Any security gaps that were found through filling out the questionnaires were flagged immediately and alerted to by the UpGuard platform.
Another one of the main use cases the team at ALI Group utilizes UpGuard for is their internal and external security risk management. Quarterly checkups are performed for each existing vendor to ensure they continue to uphold their security protocols and manage their risks effectively. ALI Group was able to work with vendors that saw a dip in their security ratings to quickly identify areas of remediation.
Shortly after using BreachSight, ALI Group subscribed to UpGuard Vendor Risk to begin assessing third-party vendors and their risk profiles. Lance noted that despite heavy competition from a competitor, ALI Group ultimately chose UpGuard for three main reasons:
- Cleaner layout and better presentation of the platform
- Better in-depth, high-level reporting
- More user-friendly and easier to learn
Additionally, the onboarding process was overall extremely quick and easy, occurring directly following the trial period. ALI Group also used an extended trial to better assess against multiple competitors, after which they chose UpGuard as their preferred service. Lance noted that if he had any questions, he was able to contact the Customer Success team for support or use the chat function to resolve any issues.
After choosing UpGuard, ALI Group was able to see benefits extremely quickly. Lance was able to utilize the executive reporting function to create high-level reports to present to the executive team and board. The automated questionnaires also saved the IT team significant time in producing internal examinations of the organization's security posture.
In one recent case, ALI Group was assessing a potential vendor but found multiple instances of critical and high-risk factors that concerned them. Using the UpGuard platform, they quickly found and assessed a similar vendor and discovered they had much better security ratings and less risk to manage. Subsequently, ALI Group decided to go with the vendor that had the better security posture.
“Other teams (in the organization) don’t approach things from the security point of view and would just come to me with one vendor they want to use. Using UpGuard I can do some investigation and comparison against other vendors and provide alternatives back to the company.”
IT Manager, ALI Group