GDPR Compliance and Lack of Scalability
Yaron Weiss, Payoneer’s VP corporate security and global IT operations, was in a quandary. His department employed nearly 300 third parties from a wide variety of industries, including banks, SaaS providers and human resources. Robust security assessments were already in place, but with the European Union’s General Data Protection Regulation (GDPR) coming into play, a higher level of vendor risk management was required to ensure compliance.
“The questionnaire we used previously was not a comprehensive enough security assessment for GDPR,” he explained.
“We needed to upgrade our analysis of vendor security to comply.”
In addition, Payoneer’s process could not scale with its growing number of vendors. Payoneer’s system owners followed up on questionnaires, and a security team reviewed the answers. Often, vendors had to be contacted to clarify their answers. The lengthy process did not allow for the rapid expansion of security protocols that GDPR required.
Customized Automated Security Assessments
Weiss was impressed with Panorays’ capabilities and worked together with its customer success team to build a thorough security assessment suited to Payoneer’s needs. They sent the assessment to several vendors and received results within two days.
Because Panorays made it easy to add third parties, view scores and deep-dive into the reasons behind them, Weiss’ team was able to quickly assess all 200+ vendors and continue to add more.
He estimates that switching to Panorays allowed them to accomplish in days what used to take them weeks.
As a result, Payoneer’s vendor risk management process changed radically.
“Every new vendor now starts with my team,” Weiss said. “Panorays became a key player in our information systems flow. We do not move forward until we receive assessment results from them.”
Because the new security assessment uncovered cyber gaps that would not have been revealed otherwise, Payoneer’s vendor engagement improved as well.
“There was a good chance we would have missed problems in our questionnaire,” said Weiss. “With Panorays, it’s very clear. We have the score, the assessment and the scan. We can now see a complete picture of vendor security.”
Conclusion: A Straightforward Solution That Easily Achieves Compliance
Automating security assessments revolutionized vendor risk management for Payoneer, but Weiss expects the benefits of working with Panorays to continue to grow, not just in his role as an evaluator but also as a vendor.
“I have two hats,” he explained. “I send assessments to vendors and they send assessments to me. It can take me days to fill out those questionnaires. As Panorays becomes the benchmark for third-party cyber posture, I plan to respond to evaluators with my existing assessment on Panorays.”