Security ratings and automated third-party risk assessment help to scale their vendor risk management program.
Established in 1992, our customer is one of Australia’s largest fund managers with more than 750,000 customers. They are the custodians of an asset pool of over $90bn.
Headquartered in Sydney, Australia with offices throughout New South Wales, the Australian Capital Territory, Victoria and Western Australia, Our customer has a team of more than 800 employees servicing the needs of its customers.
With today’s increasing exposure to third-party risks, and the upcoming release of Australian financial services regulator APRA’s CPS 234 “Information Security” standard, our customer wanted to understand how their third-party vendor security was performing from an external perspective. Additionally, our customer recognised the limitations of traditional, spreadsheet-based vendor security questionnaires, which often result in fewer vendors being monitored due to cumbersome workflows and manual process inefficiencies.
UpGuard was chosen to get visibility into the risks of their own systems, as well as those of their vendors and partners. UpGuard VendorRisk provides continuous risk monitoring, security ratings, and automated vendor questionnaires. UpGuard’s risk monitoring capabilities provide assurance that our customer's own internet-facing properties were securely configured and gave them the technical information to guide their vendors toward reducing risk to an acceptable level. Vendor security ratings enabled the team to prioritize the assessment of third parties based on risk and the questionnaire assessments closed the loop with detailed responses on internal controls needed to safely do business.
By comparing spreadsheet-based processes to VendorRisk’s workflow, our research has shown that a benefit of automating security questionnaires is a 42% reduction in time to assess each vendor through automated workflows and reduced friction from the vendor side. Our customer has been able to assess and monitor up to 14 more third-party vendors than otherwise would be possible, without increasing headcount.
UpGuard VendorRisk provides external intelligence on security performance and enables comparisons with industry peers. This gives our customer the ability to see which security risks are affecting their overall security performance with ongoing comparison against their industry average.
Our customer uses UpGuard VendorRisk to monitor and assess 56 third-party vendors, and has issued them 38 security questionnaires. They also use VendorRisk to monitor 40 of their own digital assets.
After over a year of working together with UpGuard, Our customer's executive IT leadership were satisfied with the progress made and are continuing the partnership with UpGuard.
Book a call with one of our specialists and we'll arrange a time for a demo.