The Open Vendor Risk Management Initiative for Financial Services
A Unique and Free Platform for Vendors and their Clients to Finally Solve the VRM (Vendor Risk Management) Challenges in Harmony
Free for Vendors
Answer one simple questionnaire, upload your evidence documents, and share them with your clients
Reduce time and resources on questionnaires and meet cyber regulatory requirements
Free for Clients
Simply select your vendors, request access to their profile, manage risk level, and voilà!
Why such an initiative?
As cybersecurity regulation requirements and security risks have increased, vendors are now highlighted as a critical third-party extension for private data management. When regulations tighten for financial services organizations, they do so for vendors too.
Vendors and Clients find themselves in a never-ending spending spiral. Clients struggle to send requests to vendors that struggle to manage them. The result is incomplete or outdated due diligence, which leads to non-compliance.
Vendor & Client Challenges
The Never-Ending Spending
Cost of Annual Cyber Certifications
All Vendors and some Clients pay for certifications like SOC 3, SOC 2 Type 1, SOC 2 Type 2, SIG Lite, SIG Core, etc.
Cost of Annual Risk Assessments
Vendors and Clients pay for penetration testing and vulnerability scans of networks, applications, cloud, etc.
Cost of Annual Due Diligence
Clients contact Vendors who sometimes must answer each Client individually. These unnecessary efforts too often result in incomplete or outdated VRM.
Cost of Multiple VRM Systems
Clients pay for a VRM system while Vendors often pay for multiple ones, depending on their Clients' requests.
Roles & Responsibilities
Open VRM Stakeholders
Defines and governs Open VRM vision and strategies
Reviews and prioritizes feature requests from Vendors and Clients
Defines the Annual Compliance Questionnaire
Monitors cybersecurity regulations in Financial Services
Develops and hosts the Open VRM Platform
Adds Vendors and their publicly-available information in the Vendor Directory
Supports Vendors and Clients
Answer the Compliance Questionnaire
Upload compliance evidence documents
Authorize Client access to Due Diligence information
Select their Vendors
Request access to Due Diligence information
Enter Client-specific information related to Vendor relationships
Evaluate Vendor risk level
Vendors spend over 15,000 hours per year answering security assessments and companies spend $2.1 million annually, on average, vetting these answers.