Supplier Risk Profiling: Building Society

Client Challenge

TORI were engaged to assess the client’s Security Risk Function’s approach to ongoing and continuous monitoring of suppliers. This included reviewing which tools were in use and how they were deployed to build a real-time view of supplier threat. Additionally, TORI were tasked with comparing this approach against industry best practice.

What we did

  • Undertook an in-depth review of the applicable policy, standards and process documents
  • Analysed the use of threat evaluation tools within the vendor management function
  • Applied industry knowledge to identify shortcomings in the processes and develop ‘best practice’ recommendations
  • Conducted research into emerging threats and trends in third-party risk management to incorporate into the review findings

Outcomes & Results

TORI’s review concluded that the client did not have a true continuous monitoring process in place and made a number of recommendations, including:

  • Adoption of a leading framework for continuous monitoring (NIST)
  • Automation of the vendor risk management process via a vendor risk management (VRM) solution
  • Incorporation of security ratings into the suite of metrics used to continuously evaluate vendor risk
  • Specific guidance on the considerations to be taken into account when selecting tooling