- Corporate Security
- Governance, Risk and Compliance
- Information Security
Vendors and related parties have been implicated in hundreds of the largest data breaches. Breaches and non-compliance can lead to significant impacts: brand, reputation, fines, lost revenue and/or regulatory sanctions. Resolver’s Vendor Risk Management Software helps risk teams understand who these vendors are and keep a track of them along with the potential impact to the business.
There are significant variances and inconsistencies between the security and controls that different vendors require, resulting in the vendor risk team struggling to understand which vendors are the riskiest, or if there are any gaps that need addressing. Resolver’s Vendor Risk Management Software allows risk teams to evaluate vendors using a standardized framework ensuring nothing gets missed.
Vendors that handle sensitive data are linked to critical business applications that are risk assessed through an IT compliance application which is meant to reduce the risk associated with having these vendors. Resolver’s Vendor Risk Management Software allows risk teams to leverage their existing IT framework to give them confidence that there are strong controls in place surrounding vendor risks.
Members of the business can submit a request for a vendor risk assessment. If approved, the Vendor Risk team submits a questionnaire to the third party. All vendors are then categorized in the vendor repository.
Vendor risk management teams can build a repository of all third-party providers (vendors) across the organization. The repository categorizes each vendor and includes all contact details, certifications, and associated vendor engagements.
A single vendor may provide several unique services to an organization. Therefore, each vendor engagement is subject to a unique evaluation and associated to the relevant vendor.
Vendor questionnaires are submitted to each vendor in order to evaluate whether the vendor will be able to fulfill the organization’s needs and demands. This application also supports SIG/SIG Lite Questionnaires.
The Vendor Portal allows vendors to access Resolver and submit responses to their questionnaires.
Once questionnaires are completed, the vendor risk team will perform a risk assessment to understand the risk associated to each third-party. The team can evaluate the response provided in the questionnaire and review all certifications to determine whether the vendor engagement should be approved.
Vendor risk management teams will have visibility to several vendor reports, including, Vendor Profile Reports, Vendor Criticality Reports, Gaps and Remediation Activities, Vendor Engagement Reports, Vendor Engagement Status Reports.