The Open Vendor Risk Management Initiative for Financial Services
Open VRM
A Unique and Free Platform for Vendors and their Clients to Finally Solve the VRM (Vendor Risk Management) Challenges in Harmony
Free for Vendors
Answer one simple questionnaire, upload your evidence documents, and share them with your clients
Finally!
Reduce time and resources on questionnaires and meet cyber regulatory requirements
Free for Clients
Simply select your vendors, request access to their profile, manage risk level, and voilà!
Why such an initiative?
As cybersecurity regulatory requirements and security risk have increased, vendors are now recognized as a critical third-party extension of an organization's handling of private data. When regulations tighten for financial services organizations, they tighten for their vendors as well.
The Challenges?
Vendors and Clients find themselves in a never-ending spending spiral. Clients struggle to send requests to vendors, who in turn struggle to manage them. The result is incomplete or outdated due diligence, and ultimately non-compliance.
Vendor & Client Challenges
The Never-Ending Spendings
Cost of Annual Cyber Certifications
All Vendors and some Clients pay for attestations and standardized assessments such as SOC 2 Type 1 and Type 2 reports, SOC 3 reports, and SIG Lite and SIG Core questionnaires.
Cost of Annual Risk Assessments
Vendors and Clients pay for penetration testing and vulnerability scans of their networks, applications, cloud environments, etc.
Cost of Annual Due Diligence
Clients contact Vendors, who often must answer each Client individually: duplicated effort that too often results in incomplete or outdated VRM.
Cost of Multiple VRM Systems
Clients pay for a VRM system while Vendors often pay for multiple ones, depending on their Clients' requests.
The Solution?
A single, free platform shared by both sides: Vendors answer one questionnaire and upload their evidence documents once, then authorize each Client to view them; Clients select their Vendors, request access to those profiles, and evaluate each Vendor's risk level from one shared, up-to-date source.
Roles & Responsibilities
Open VRM Stakeholders
Advisory Board
- Defines and governs Open VRM vision and strategies
- Meets quarterly
- Reviews and prioritizes feature requests from Vendors and Clients
- Defines the Annual Compliance Questionnaire
Buckler
- Monitors cybersecurity regulations in Financial Services
- Develops and hosts the Open VRM Platform
- Adds Vendors and their publicly available information to the Vendor Directory
- Supports Vendors and Clients
Vendors
- Answer the Compliance Questionnaire
- Upload compliance evidence documents
- Authorize Client access to Due Diligence information
- Repeat annually
Clients
- Select their Vendors
- Request access to Due Diligence information
- Enter Client-specific information related to Vendor relationships
- Evaluate Vendor risk level
- Repeat annually