From 8 Hours to 1: How a Global Confectionery Leader Scaled Third-Party Risk Management Through Automation

Introduction

The global food and confectionery industry relies on a vast network of vendors and suppliers, where security gaps can disrupt operations and impact global brands. Managing this growing third-party risk became a major challenge for a leading European confectionery group, as they were expanding rapidly through acquisitions and international growth.

With tens of thousands of employees worldwide, the company evolved from a centralized organization into a distributed global operation. As the business and its network of vendors and suppliers expanded, third-party risk management became increasingly difficult to scale. New acquisitions introduced fragmented processes, inconsistent oversight, and limited visibility across suppliers and regions. This created new challenges for the Cyber Risk and Governance team. To maintain control over its growing third-party exposure, the organization knew they needed a solution to replace legacy, manual workflows with a more scalable and unified approach.

Managing Third-Party Risk Through Spreadsheets

From early on, the organization lacked a predefined process for evaluating suppliers. The team built their own framework from the ground up, categorizing applications by criticality to define risk-based controls. However, as the team expanded, this structured approach devolved into a fragmented ecosystem of manual processes.

What began as simple checklists quickly multiplied into dozens of spreadsheets filled with complex macros. The system became fragile and impossible to scale, leading to questions like: “How many checklists do we actually have?”

With regional teams and new acquisitions using different versions of these files, consistency proved difficult to maintain.

The Search for a Reliable and Trusted Solution

Before adopting a new platform, the team used several market solutions that proved unreliable. At the time, assessments relied on inaccurate external data, generating false positives and incorrectly associating assets with the organization. Because security scores could take months to update, the outputs were often outdated and lacked the reliability needed for confident decision-making.

This lack of accuracy forced the team to reassess. When evaluating alternatives, three key elements had to stand out:

  • Flexibility: The ability to move beyond static questionnaires toward dynamic, adaptive assessments.
  • Scalability: A cost-effective model that could grow alongside the company’s expanding footprint.
  • Support: High-quality collaboration during and after implementation.

“We are really happy with the support we are receiving. You are always there for us, very responsive, and you help us a lot.”

– Cybersecurity Risk & Governance Specialist

Panorays Selected Due to Its Unified and Dynamic Platform

By choosing Panorays, the organization moved away from manual processes and unified its assessments, tracking, and reporting within a single environment. This shift replaced fragmented, Excel-based workflows with a consistent global structure, allowing the team to manage third-party risk across all regions through one centralized system.

The platform’s dynamic approach allowed questionnaires to be based on supplier profiles and risk levels, moving beyond static assessments. This flexibility became critical for meeting evolving regulations like NIS2. By integrating cybersecurity assessments and cyber intelligence into one tool, the team eliminated the need for disconnected systems. As the team put it: “It has everything built-in, so once you get the platform you can literally do everything you need.”

The move to Panorays delivered a major operational breakthrough. Tasks that previously required several hours per supplier were reduced to approximately one hour. At scale, the team now spends less than half the time per assessment compared to their previous process. This efficiency allows them to handle the high volumes of assessments driven by both business expansion and increasing regulatory pressure.

“In our organization, we are very mindful of how we treat our suppliers. We work closely with procurement to ensure we are in contact with partners in the right way. The business has praised how the platform handles this interaction, providing transparency and automated notifications. It has moved beyond being just a technical tool for the cybersecurity team to something the wider business can benefit from.”

– Cybersecurity Risk & Governance Specialist

Measurable Impact and Business Alignment

As regulatory requirements tightened, the Group needed a robust audit trail. Panorays provided the necessary standardization and transparency, moving the organization away from inconsistent manual checks to a system where every supplier evaluation is documented and traceable.

The platform transformed their operational capacity:

  • Mass Scalability: The team can now launch multiple assessments simultaneously, a feat impossible under the previous model.
  • Regulatory Readiness: Centralized data ensures the organization can demonstrate compliance and third-party oversight to auditors at any time.
  • Business Integration: Automated notifications and clear reporting have improved collaboration with procurement and regional business units.

“When the regions ask for the budget and how many hours should be allocated for this number of suppliers, with Panorays it’s just a matter of one hour approx. Before, it took at least eight hours for a cloud solution.”

– Cybersecurity Risk & Governance Specialist

Looking Ahead

As the organization continues its rapid expansion, the focus is shifting toward deeper automation and intelligence. The rise of AI-driven applications has introduced new layers of complexity, making traditional, static questionnaires insufficient for monitoring how vendors handle data and technology. To stay ahead, the team is prioritizing continuous monitoring and dynamic assessments to gain real-time visibility into supplier environments.

“We like these new features of helping us detect if the suppliers are incorporating AI into their solutions and hiding it from us. It’s very useful.”

– Cybersecurity Risk & Governance Specialist
