Atul Vashistha, Chairman and CEO
In the age of global supply chains and ever rising threats, enterprises depend heavily on third-party vendors and service providers to successfully conduct their businesses. While sourcing helps companies meet their objectives and compete in the market, it is inadvertently exposing them to more risks, including increased cybersecurity risks. “Every third party, while providing benefits, also presents a new overall risk and cyber-attack surface to their own company,” says Atul Vashistha, Chairman of Supply Wisdom.
A recent data breach at one of the largest hospitals in the U.S., where cybercriminals accessed an internal network and compromised the confidential data of thousands of patients, originated with a third-party collaboration. This is just the tip of the iceberg. Such incidents have a significant negative impact on the companies’ reputation and financial performance. In another example, a hurricane shut down access to offices and a data center, disrupting operations of the third party, which in turn impacted the company’s operations.
In these scenarios, both companies needed the ability to have early warning through real-time monitoring of third parties and other stakeholders across their entire business relationships. Since 2012, Supply Wisdom has been helping companies successfully achieve this, by providing real-time, continuous risk intelligence and monitoring of these third parties and locations. “Our solution facilitates real-time and continuous risk monitoring by leveraging automation and analysts reviewing millions of events every day—reported from thousands of sources—across more than 30 languages, to expose risks that need the client's attention.” says Sandeep Suresh, Head of Data and Analytics for Supply Wisdom.
Continuous Risk Monitoring
Traditionally, risk assessments are performed at the beginning of the sourcing lifecycle or procurement, and afterward, episodically, if at all. This episodic practice is insufficient as risk is constant and risk events may occur at any time. In a recent E&Y survey, over 50 percent of the respondents revealed that their companies had experienced a total outage disruption over the last two years. Another survey by Deloitte showed that only 13.6 percent of companies had forward-looking vigilance capabilities to identify imminent risks and performance issues of third parties. “Risks are continuous and so is Supply Wisdom's real-time risk intelligence and monitoring. In the future, an increasing number of companies will add continuous risk monitoring capabilities to their governance and third-party risk management (TPRM) functions so that early warnings and increased awareness of risk can drive better, objective, fact-based decisions to minimize or mitigate risk. Solutions like Supply Wisdom will play a critical role in their risk mitigation methods,” shares John Bree, Chief Evangelist at Supply Wisdom.
Their solution is already being used by Fortune 1000 clients to enhance sourcing decisions, minimize or avoid costly service disruptions, and optimize business continuity planning.
A Comprehensive Third-party Risk Management Solution
Companies often limit the focus of their risk efforts to the financial and cyber assessment of third parties. “This does not present a full picture,” says Vashistha. Supply Wisdom equips companies with risk and market intelligence to evaluate risks, mitigate the impact, and nurture relationships. Supply Wisdom's six categories of third-party risk: financial, cybersecurity, GRC, solutions maturity, client, and people are incorporated in their risk framework to offer the industry's broadest third-party risk monitoring.
Supply Wisdom facilitates real-time and continuous risk monitoring by reviewing millions of events every day, reported from thousands of sources
With today’s global supply chain complexity, companies have to think beyond third parties as the frequency and severity of disruptions from location related incidents, like strikes and natural disasters, are exponentially increasing. Supply Wisdom's risk framework includes eight location specific categories: geopolitical, legal, financial, scalability, macro-economic, infrastructure, business, and quality of life. “This real-time, continuous coverage provides early warning and a comprehensive view of risk, minimizing or avoiding costly service disruptions and ensuring continued operations,” says Suresh. Clients have a 360-degree comprehensive view of risk assessment for all critical third parties and the locations in which they operate.
Supply Wisdom's comprehensive cyber risk scorecards and real-time risk alerts enable enterprises to quickly assess the cyber susceptibility security posture of their third parties, compliance against industry standards, and institute corrective action. Supply Wisdom integrates services from NormShield for security ratings and provides CIOs with actionable cybersecurity assessments of their third parties. Combined with continuous negative incident monitoring, CIOs stay prepared in a constantly evolving risk environment.
A Golden Balance between Automation and Human Intelligence
What really differentiates Supply Wisdom is its ability to deliver a one-stop shop solution where clients can monitor all risk categories. Alternatively, clients can choose the categories to monitor that are relevant to their specific needs. Further, as it's delivered through the cloud, companies get access to risk intelligence and monitoring within 24 hours of sign up, and Supply Wisdom's open APIs enable companies to integrate any part of the data, alerts and/or scores into their tools and platforms.
This flexibility is a major advantage for clients to replace multiple subscriptions with different vendors for different categories of risk monitoring with one Supply Wisdom subscription to streamline their work and realize significant cost savings.
Additionally, Supply Wisdom helps clients utilize resources more efficiently. Many companies in the market offer limited risk category monitoring and alerting that includes false positives, resulting in a significant portion of the risk management teams’ time being spent sifting through alerts to find the risks that matter to them. “The real-time, curated alerts categorized by impact level and continuous access to Supply Wisdom’s risk intelligence can increase TPRM team productivity by as much as 50 percent as compared to manual methods,” adds Suresh. “Clients love Supply Wisdom because we achieve a golden balance between automation and human intelligence. Many of our processes are automated, but our analysts curate the alerts that are issued and offer actionable guidance for those events. We proudly say that our clients see zero false positives in our risk alerts, allowing them to focus their time on responding to risk events rather than identifying them.”
For one of Supply Wisdom’s clients, the real-time alerts feature proved to be a lifesaver. The client was alerted days in advance, about an imminent weather catastrophe, allowing them to proactively set in motion their business continuity plan with one of their third parties operating from that location. With Supply Wisdom’s early warning, the client managed to prevent three potential lost days of service from their third party and was able to focus their efforts on the mitigation.
In another case, Supply Wisdom alerted one client to a possible significant loss of talent from one of their third parties due to a delayed payroll. The client was able to stay on top of a potential service disruption because Supply Wisdom monitored people risk and alerted them to a cash flow crunch, which was not reflected in their third party's financials until the next quarter.
Such examples stand as a testament to Supply Wisdom’s prowess in helping clients successfully conduct business in a dynamically changing risk landscape. “Continuously evolving over the last seven years, we continue to upgrade our platform in line with the changing nature of risk and as new threat vectors emerge,” says Vashistha.
As more companies start to house their vendor and supplier management within GRC and IRM platforms, Supply Wisdom is working with many platform vendors to integrate its solution as an objective source of continuous risk intelligence through APIs. The company's data feeds give these platforms an edge with their independent, real-time, continuous risk intelligence and monitoring across the broadest third-party and location risk categories available in the market. “We will also continue to provide capabilities from a service and cost perspective that will not only cover critical third parties and locations, but the entire group of third parties through a unique, tiered model,” concludes Bree.