ScotPac is the largest specialist working capital provider in Australasia, with more than 2,800 clients in industries across transport, labor hire, manufacturing, wholesale, import, and printing. With more than 250 employees across Australia, New Zealand, and China, ScotPac’s vision is to be the first choice for SMEs, to help them increase cash flow and achieve their business aspirations.
The challenge
ScotPac’s independent status enables them to react quickly to the increasingly changing needs of their clients and adopt a more flexible approach than most other commercial finance providers. However, the current processes, or lack of, within the security team meant little visibility and structure around managing the company’s own security posture, and third-party risk assessment processes.
Michael Taylor, Head of Service Delivery at ScotPac, was looking for a more robust and consistent method of managing and onboarding new vendors.
“As we onboarded a vendor, we would ask them basic security questions and do some basic checks. There was nothing really uniform or consistent about the way we did it.”
The team would rely heavily on what the vendor had written into their contract and what was communicated to them at the time. This meant there was no way to validate the information.
Additionally, whilst all vendor information was being saved in one location, it was not consolidated and filed in a logical manner. Michael found there was no process to follow when asking questions to vendors, and an inconsistent way of recording and storing responses and information about their vendors.
“The best we had was one location where you stored all the contracts for our vendors. It wasn't even as coordinated as a spreadsheet.”
The solution
Michael was looking for a solution that would help establish a vendor risk management process that would bring about consistency and uniformity to ScotPac.
After dealing with one company that had overly complex and cumbersome licensing, and another where he had to deal with a reseller rather than the company directly, Michael decided on UpGuard as it offered all the necessary features ScotPac was looking for in a vendor risk management solution.
“We looked at some online reviews on platforms like Gartner and UpGuard was one of the top-rated platforms there.”
Upon using UpGuard, Michael found the solution easy to use and appreciated that he can now view the security ratings of vendors quickly. When other parts of the business are considering a vendor, Michael is able to run and provide a report from the solution as part of the vendor risk management process.
“When other people at the company are looking at a vendor, I enter the details, get the rating, and send the report back to them. I've then had people say to me, what sort of witchcraft is this? And literally, they've been amazed how quickly it has been to get at least a baseline or an idea of the security rating of prospective vendors.”
As ScotPac began with no formal process of assessing their vendors, it was important that the solution was also easy to onboard for the team. Michael also found the entire trial and purchase process simple and straightforward.
“As soon as we started using it, we kind of went, wow, this has opened a whole lot of information that we just didn't have access to before.”
The results
Establishing a vendor risk management process
UpGuard has not only improved the vendor risk management processes at ScotPac but established it by giving the team focus and clarity in quantifying the security ratings of its vendors. Michael is now able to send questionnaires to vendors, and quickly identify and focus on individual responses for further investigation and remediation.
Furthermore, one of the most valuable features of UpGuard for Michael is the continuous scanning and updating of a vendor's security posture. If a vendor’s security rating drops below a certain threshold, this instantly triggers the team to review and discuss with the vendor, ensuring a more robust vendor risk management and assessment process.
Building better vendor partnerships
Using UpGuard has also enabled ScotPac to build better relationships with some of its vendors.
“It's also been really good for a couple of our vendors who actually had quite low scores. We've pointed out a number of flaws to them and they've really found the information out of UpGuard very useful as well.”
Better management of its own vulnerabilities
To support ScotPac’s goal to be the first choice for SMEs, and provide transparency to its customers, UpGuard has enabled the company to better manage its own vulnerabilities. The solution has been able to identify a few areas that needed improvement and allowed the team to delve further into the details of ScotPac’s own environment. This means that Michael is now able to work more cohesively with internal teams to remediate those issues and reduce the company’s overall risk exposure.
Want to experience the same vendor risk management benefits as ScotPac?
Head of Service Delivery, ScotPac
We’re experts in securing data breaches and data leaks
