TravelPerk is a travel management company with offices in Barcelona, London, Berlin, and the USA, that provides automated travel services for businesses.
The Senior Information Security Risk Specialist for TravelPerk and his IT security team manages the company’s third-party risk and cyber risk.
Before upgrading to UpGuard, the cyber and vendor risk management processes at TravelPerk were largely still developing and at an early, immature stage. The main processes used were spreadsheet-based vendor audits and activity monitoring, as well as using manual spreadsheets to conduct internal audits.
“Before using UpGuard, our cyber risk management processes were very immature and still developing. Even after we started using UpGuard, we weren’t leveraging the tools the best we could.”
The largest pain point for TravelPerk was figuring out how to assess against particular controls and gathering enough evidence from vendors to ensure compliance. However, the manual nature of their security tracking, monitoring third-party risk, and compliance auditing was not a pragmatic approach for their business needs. Even after sending out security questionnaires, TravelPerk had no way of storing responses to reference back at a later time.
Along with the GRC team at TravelPerk, the Senior Information Security Risk Specialist and the IT security team uses every product within the UpGuard platform – attack surface management, third-party and vendor risk management, and data leak monitoring. The main reason they subscribed to all the products at UpGuard is that they noticed a large increase in cloud provider use in their vendors. Using the automated tools, TravelPerk can gain better visibility into the vendor’s security posture and quickly determine whether or not they should do business with those vendors.
The top three benefits that TravelPerk saw were:
- The ability to customize questionnaires for specific vendors to meet different industry standards
- Detailed scoring metrics and analysis of a vendor’s security score, specifically in attack surface and vendor risk management
- Determining critical risk impact levels for different vendors and categorizing the vendors by importance to make executive decisions. The UpGuard platform also makes it easy to pull data and metrics supporting these risk factors for decision-making.
“The relationship with the Customer Success team at UpGuard, and being able to reach out at any time to learn how to leverage the tools and features as best as possible, is a key reason for our success.”
One reason why TravelPerk sees continued success is the high-level support that UpGuard provides with its Customer Success (CS) team. While TravelPerk initially did not understand how to leverage the features to their maximum potential, they were able to work closely with the CS team to learn how to build a process around UpGuard tools and scale their business needs.
The IT security team at TravelPerk use UpGuard every day to evaluate a continuous stream of potential vendors and determine if various security risks are worth taking on or has a chance for improvement. In addition, the IT security team utilizes the UpGuard platform multiple times a week to keep close track of TravelPerk’s own attack surface.
Faster remediation with data leak detection and monitoring
Currently, TravelPerk tracks five keywords with the UpGuard Data Leaks product for their Defensive Operations teams. Those five keywords are the main trigger points to detect potential data leaks and provide immediate feedback for remediation.
“Using UpGuard, we’ve saved at least 50% of the time needed to assess our customers and vendors. We’ve given them criteria in which they can also self-assess and leverage UpGuard to speed up processes. Having those controls in place has massively helped put confidence in our stakeholders.”
Improved risk management process through automation
Through UpGuard, TravelPerk was able to build a much more well-rounded structure with its cybersecurity that scales with its end-to-end operations that were non-existent before. With automated tools and customizable risk assessments, TravelPerk was able to establish a set of criteria for scoring vendors and suppliers instead of relying solely on security questionnaires.
One particular feature that TravelPerk has been able to utilize greatly is the ability to set reminders for security due diligence questionnaires, as part of the process for vendor monitoring. Automating the reminders within the audit process reminds the security team to send a new questionnaire every 6 or 12 months to vendors to ensure that they are upholding their security and risk management processes, rather than tracking these manually.
Better decision making to support a growing business
As the numbers of vendors continue to increase with scaling business growth, UpGuard has been able to help cut down time spent on vendor monitoring by over half for TravelPerk. With the new summary and executive reporting functionalities, the Senior Information Security Risk Specialist can quickly make necessary decisions based on risk factors. And ultimately, with every new function and integration that UpGuard releases, TravelPerk is confident that they can work closely with UpGuard to learn how to best use every tool to their advantage.
Want to experience the same vendor risk management benefits as TravelPerk?
Senior Information Security Risk Specialist, TravelPerk