Part Four: Responsible for You and Your Friends (Vendor Risk)

In this installment of our blog series, Managing Privacy and Risk in Financial Services, we take a closer look at Vendor Risk.

You did it! No . . . you did it!

Sorry, Financial Institutions, but even if it wasn’t your fault…it’s still your fault. You are responsible for your vendors. And it’s more than just your reputation at stake. Although that’s at risk, too! Most financial organizations manage hundreds to thousands of vendors, suppliers and other third-party relationships, which vary in many ways, including their levels of risk. Additionally, as your vendors become privy to sensitive systems and data, their risk and compliance posture becomes even more important to your security. As a result, regulators expect organizations to proactively identify potential risks, verify compliance and monitor changes. The GDPR, which we discussed yesterday, is one of many regulations that require a watchful eye on your vendors.

Stakes are high.

We at ServiceNow understand this complex problem and realize the task is greater and the stakes are higher for those in heavily regulated industries. That’s why we released the Vendor Risk Management application, the latest addition to the Governance, Risk, and Compliance (GRC) portfolio. It can be used in conjunction with the core GRC applications to, for example, provide top-down traceability from an authority document to a question in a vendor questionnaire, assessing compliance and gauging risk. I could go on and on; however, Teresa Law, the colleague I lean on for all things GRC related, has offered to provide insight into how Vendor Risk Management can work for you:

Vendor Risk Management allows you to create a comprehensive third-party risk process through automation and a deep connection to the ServiceNow platform, defining and streamlining the process from the initial point of receiving the request, through determining the inherent risk, continuously monitoring, and ultimately retiring the vendor.

ServiceNow Vendor Risk Management lets you monitor, prioritize, and automate response to third-party risk, so you can:

  • Control your risk exposure with continuous monitoring
    • No one else can provide a single solution that offers continuous monitoring, both capturing the data and reporting on it, to detect vendor changes in real time, at a scale that we can.
  • Prioritize and respond to critical risks with a unified Vendor Risk program
    • No one else delivers the cross-functional visibility through the single platform and asset-centric approach, delivering risk scoring and effortless collaboration to drive critical risks to closure.
  • Slash your unstructured work burden through consistent workflows and automation
    • No one else can automate processes and create consistent workflows across your vendor ecosystem, because no one else can provide a unified system of engagement, with cross-functional process integration, and links to other ServiceNow and partner solutions.

All enterprises should have a vendor risk program to reduce their risk exposure. And in financial services it’s a must. However, all programs are not created equal. To ensure you have the visibility you need and the time to proactively approach vendor risk, you need automated, actionable, and unified ServiceNow Vendor Risk Management.

Teresa Law has over 20 years’ experience in the security industry successfully bringing products to market and is currently the Sr. Product Marketing Manager for GRC at ServiceNow.

I hope you’ll come back on Wednesday, October 4th, for Part Five of this Six-Part series on Managing Privacy and Risk in Financial Services.

Next Posts:

Part Five: We Have a Plan (NY State Cyber Regulations)

Part Six: Rinse and Repeat (IT GRC)
