About Riskonnect
Riskonnect is a leading software provider that enables organizations to address, manage and respond to strategic and operational risks across the enterprise. Riskonnect has more than 2,000 customers across six continents that utilize their solution to accurately gain insights on key business indicators.
The Challenge
Riskonnect was looking to improve their current third-party assessment and questionnaire management process, especially with respect to evaluating prospective vendors. They have a high volume of vendor assessments in their queue, with approximately 3-4 third-party assessments that need to be completed per week. Historically, their spreadsheet-based process aggregated internal tool information and combined it with a traditional email back-and-forth with third parties for questionnaire completion. In all, this process took 3 weeks to complete the assessment and review before onboarding a new vendor.
The Solution
Riskonnect turned to FortifyData’s Integrated Cyber Risk Management platform to fill gaps in their third-party review process with active assessment data. FortifyData’s Third-Party Cyber Risk Management capabilities provide active scanning of the third-party external attack surface and allow users to send questionnaires based on major frameworks, like PCI-DSS, HIPAA, SIG, etc., or upload a custom questionnaire. The platform also allows respondents to answer the questionnaire directly within FortifyData, eliminating the need to email everything back and forth.
Another benefit, according to John Casazza, Chief Information Security Officer at Riskonnect, is the ability to quickly send questionnaires in response to new and critical threats.
“We can now create multiple assessments with a level of velocity because zero-day threats are out there – we see them all the time. Now we can do, for instance, a Log4j assessment, and very quickly we can build, deploy and have our vendors respond to those questions.”
Riskonnect is also running their vendor assessments with FortifyData, as part of their review process. Scans and re-scans are requested right in the platform, and the results are incorporated into a cyber risk score that you can monitor for changes.
“The scoring posture for our vendors has proven very helpful for us,” said John. “We basically set our thresholds and then watch our vendors over time and see how they increase or decrease as threats develop.”
In the past, once a vendor received a score, they did not have the ability to change that score, because it came from a rigid algorithm that legacy scoring companies put into place. FortifyData allows Riskonnect to customize these scores based on the company they are assessing. Having a score that is tailored to a specific industry or company assures Riskonnect of the accuracy of the findings.