The Challenge:
Inefficient and Inconsistent Manual Vendor Security Due Diligence Process
When Ra’Monne Hayes, Senior Risk & Compliance Manager at Sisense, was initially charged with ensuring vendor due diligence for his organization, he created a manual system consisting of lengthy vendor evaluations and lots of meticulously organized spreadsheets.
Hayes painstakingly sent each and every vendor personalized questionnaires created in Google forms, and then reviewed each of their responses. However, the process was never an easy one because it required an excessive amount of back and forth between the company and its suppliers to obtain information and clarify details.
Not only did this process require tremendous manual effort, it also lacked visibility into the vendor’s true security posture. That’s because the vendor contact was not always knowledgeable about the organization’s security and compliance issues, which resulted in adding more people and frustration to an already laborious process.
“I had a process, but it was a very manual one. Anything you’re doing manually is going to slow you down,” Hayes noted.
“I had a process, but it was a very manual one. Anything you’re doing manually is going to slow you down.”
Another challenge centered on vendor security remediation, which is an essential component of the vendor security process, but the constant emails, chasing suppliers for information and tracking down important documents were challenging and time-consuming. In addition, the manual process was not conducive to obtaining a clear picture of the progression of Sisense’s vendors’ security posture when it came time for supplier renewals. Sisense’s security due diligence process needed an upgrade.
The Solution
Comprehensive, Accurate and Automated Security Vendor Risk Program
As is the case with many companies, Sisense’s security team is small and there’s quite a bit of work involved in the vendor due diligence process. It’s also just one of several projects that Hayes is responsible for, so he was keen to find a solution that could automate and accelerate the overall third-party security risk program.
Sisense chose Panorays for its dynamic, automated questionnaires, external digital footprint assessments, and risk ratings that include the context of the business relationship with the vendor. After a quick implementation, Hayes immediately saw the impact that Panorays had on his day-to-day activities.
“When you have a product like Panorays, you gain greater confidence about your vendor due diligence because you are able to dig deeper than you possibly can when you have a manual process.”
“When you have a product like Panorays, you gain greater confidence about your vendor due diligence because you are able to dig deeper than you possibly can when you have a manual process.”
Hayes appreciates having all relevant vendor security and regulatory information in one place. When it’s time for an internal or regulatory audit or a vendor renewal, it would have been a tedious and exhausting process to track down certifications, emails and other pertinent documentation. The Panorays all-in-one third-party management platform works with Sisense’s suppliers so Hayes is always on top of knowing whether they adhere to pertinent regulations.
In addition, Panorays enables in-platform engagement with Sisense’s vendors and Hayes acknowledges that it’s been great for communicating with their suppliers. “The platform shows me the progression of a vendor. It also allows me to have a conversation with the vendor about remediating issues and has been really useful for contract talks,” he said.
The Results:
A Holistic View of Sisense’s Vendors
With more than 250 suppliers, vetting and assessing Sisense’s vendors via Panorays’ automated platform has been a game changer for Hayes. “The vendor assessment process is just part of my job—which is why this tool is so helpful— because I could actually do other things and feel confident,” he explained.
Furthermore, the information gleaned from Panorays is much more extensive than his previous method and he also saves hours of time thanks to the automated process. “Time is something we all lack, so you want to be efficient with your time, and Panorays helps me do that,” he said.
Hayes praises the impact Panorays has on his job function in particular and on Sisense in general. He emphasizes that while he appreciates the platform, it is also the people at Panorays that have made his experience so positive.
“The platform gives me a holistic view of looking at a vendor and removes the manual effort away from having to plug away for hours to get that information,” said Hayes. “When you have a product like Panorays, you gain greater confidence about your vendor due diligence because you are able to dig deeper than you possibly can when you have a manual process.”
“The platform gives me a holistic view of looking at a vendor and removes the manual effort away from having the plug away for hours to get that information.”
Hayes raves about the Panorays Customer Success team who worked with him to upgrade Sisense’s existing manual questionnaires to an automated and customized Smart Questionnaire™ where questions are weighted according to the business context.
“The other reason that I like Panorays—and this is an important point for me, and why we continue to use Panorays—is because of the customer support that we’re getting,” he said. “My customer success manager has been rock-solid. She’s always there. Those are the intangibles that you don’t see in a product, but when you get that kind of support, you want to stay and keep working with them.”