Elevating Supply Chain Cybersecurity: How a Top Global Energy Company Boosted Third-Party Screening Using Venmonitor™
INDUSTRY: ENERGY
COMPANY SIZE: $150+ BILLION
Better Decision-Making Processes
The Company has been able to make faster and more informed decisions about their suppliers, as they have access to data and insights from Venmonitor™ without needing to contact the supplier.
This Global Energy Company is focused on third-party risk management as cyberattacks on supply chains have become more frequent and sophisticated. To do this, they have a global team that oversees the security assessment and compliance of third-party service providers. The team is responsible for screening, selecting, onboarding, and monitoring new and existing suppliers in their portfolio. The Energy Company works with over 30,000 suppliers across a diverse and geographically dispersed third-party network that covers 100 countries. The team ensures that these suppliers meet the Global Energy Company’s security standards and comply with the relevant regulations and policies.
The Challenge
Improve existing processes
The Global Energy Company wanted to enhance existing processes by developing a third-party screening framework that would allow them to more quickly execute on screening the potential of third parties and with less manual activities and without involvement of said suppliers. To achieve this, they wanted to be able to screen potential suppliers covering multiple domains based on open-source data, including cybersecurity, data privacy, ethics and compliance, and finance. These domains are critical for ensuring the security and compliance of the Company’s IT systems and data.
“Conventional third-party risk management approaches are no longer effective in allowing a proactive response to emerging supply chain risks and provide a challenge in terms of time and effort required. Supply chain risk requires the ability to adopt new unconventional multi-faceted approaches, with ability to highlight risk areas before committing resources for further engagements.”
Security Advisor
Global Energy Company
The Solution
Real time monitoring with Venmonitor™
To turn their vision into reality, the Global Energy Company partnered with Venminder, who developed and launched Venmonitor™, a cloud-based platform that provides comprehensive and continuous screening of third parties across multiple domains. Venmonitor™ collects and centralizes data from best-in-class risk intelligence providers, generating an overall risk score and risk profile for each third party. These scores and profiles highlight the strengths and weaknesses of the third parties’ security and compliance posture. The Global Energy Company leverages the external screening data from Venmonitor™ to enrich the screening of potential suppliers. This enhanced screening before signing a contract provides the Company with early warnings on security and compliance risks during the vendor selection process, enables them to make data-driven decisions, improve negotiations during contracts, and provide increased transparency on supplier security posture.
The Global Energy Company designed an IRM third-party screening framework that combines their inside risk assessment with the outside view that Venmonitor™ provides. This framework allows the Energy Company to prioritize the most critical suppliers, identify the most relevant domains for each supplier, and determine the appropriate level of due diligence for each supplier. The Company also uses Venmonitor™ to assess the ongoing performance of their existing suppliers and identify any changes or issues that may affect their risk profile.
The Results
Time and cost reduced
Since implementing Venmonitor™, the Global Energy Company has been able to improve their supplier screening process in several ways. Some of the benefits they have experienced are:
Reduced time and cost of screening
The Company has been able to reduce the time and cost of screening potential suppliers
Enhanced risk management and mitigation
The Company has been able to enhance their risk management and mitigation capabilities as they can identify and address risks earlier in the supplier lifecycle, negotiate better terms and conditions with suppliers
Avoidance of engaging with suppliers with low security posture
The Company avoided engaging with suppliers showing poor cybersecurity hygiene during tendering process to improve overall security posture of entire supply chain
Faster decisions and increased productivity
The Company has been able to make faster and more informed decisions about their suppliers, as they have access to data and insights from Venmonitor™ without needing to contact the supplier. This also improves their productivity, as they can streamline their workflows and reduce manual tasks.
“The initial screening of third parties is considered just as important as strong contractual obligations and post award contract management. Our assurance process aims to validate the ability of third parties to adhere to contractually agreed terms to ensure security across the ecosystem. Information and digital technology today allows us to use data analytics, risk ratings, and analysis by Venmonitor™ to enhance our screening of third parties. Detailed feedback provided by Venmonitor Assessments™ prepared by Venmonitor™ SME translates the IT language for easy to understand risk factors for any business stakeholder.”
Security Advisor
Global Energy Company