Vendor Risk Management Services




Vendor Risk Management

Vendor risk management is the process organizations use to understand the risks that exist and the risks that they assume due to their business relationships with third-party vendors. This is particularly critical for financial services companies as it relates to data sharing and the outsourcing of business functions and processing. Vendor risk management is a standard practice today and has matured to an extent where some leading financial industry groups such as BITS have standardized the process significantly through their Standard Information Gathering (SIG) and Agreed Upon Procedures (AUP) standards. The use of these standards or their derivatives helps organizations understand the risk associated with their vendors and then apply appropriate risk mitigation techniques and measures.

What can vendor risk management do for you?

Vendor risk management services help companies to quantify, qualify and manage reputation, transaction, regulatory and other risks associated with outsourcing non-core business operations, applications and services to third parties. While responsibility for performance and delivery may be contracted to a third party, organizations benefit from performing their own due diligence to confirm the implementation of required controls and processes by their business associates.

A vendor risk management program ensures that the company's confidential data and information are protected to the extent necessary to preserve the confidentiality, integrity and availability of that information.

ControlCase Vendor Risk Management Services

ControlCase's Vendor Risk Management Services support the identification of critical vendors, the prioritization of risk for the organization, and the assessment and validation of security and process controls of third-party outsourcers.

The ControlCase Managed Compliance Services team uses the ControlCase Vendor Manager (CVM) application to help identify, prioritize and manage the assessment of our clients' critical vendors. A key differentiator of our service is assessment-over-assessment trend analysis that serves to identify risks and areas that require additional control and supervision. Periodic vendor risk management assessments serve as a foundation of an organization's risk management process.

All vendor-related risks and issues that are identified are presented to the client together with an assessment of impact and recommendations for mitigation or a solution.

Client Benefits

  • The ControlCase Vendor Risk Management Service helps clients to focus limited resources, efficiently and cost-effectively, on assessing vendors that support high-risk or high-value areas of their business.
  • The ControlCase Vendor Risk Management Service provides an objective assessment of vendor controls and processes and identifies areas for improvement to protect clients' sensitive information.
  • Our services are enabled using the CC-GRC portal, which provides our clients with the ability to closely monitor engagement progress.

Service Frequency

ControlCase Vendor Risk Management Services can be performed as a standalone service or can be bundled with other ControlCase Managed Compliance Services as desired.

Engagements of this nature can be expected to last from 2 to 10 months, depending on the number of vendors and the risk assessment and selection process chosen.