Vendor Assessment process streamlined using Risk Hawk!

Flexy helps a reputed banking institution in streamlining and accelerating its vendor assessment process by deploying a distributed Risk Hawk system.

Challenges faced with the manual procedure

Third parties such as vendors can be a source of vulnerabilities, this bank wanted to centralize and automate the vendor risk assessment process to prevent any kind of risk related to Information Security and ensure right decisions are taken in vendor selection. Previously, the entire process, from gathering the information to finalizing the vendors, was carried out manually using emails, word, and excel files which proved to be time-consuming, challenging and caused issues during audits.

The solution- Risk Hawk

Flexy workflows were established so that all the vendor risks associated with information security could be assessed in a safe and centralized system and the right decision could be made.

Vendors were given access to a separate extranet portal built using the Risk Hawk's Flexy module where they could log in and fill in all the questionnaires created by the bank, which then could be sent for approval to the bank’s internal Risk Hawk system.

As a result, the data flows were completely secured and wholly separated, thanks to the distributed deployment capability of Risk Hawk’s Flexy module. The bank was able to do vendor assessment checks, give ratings based on those, determine the gaps and risks, and take decisions. In case of any major discrepancies in the answers, the bank could reject the vendor’s submission. This automatically notifies the vendor and they are able to correct their responses and resubmit if needed.

Perks of using the Risk Hawk tool!

Thus, the entire process was

systemized and became frictionless, cutting the time it took to complete a vendor due diligence by as much as 57%. The tool made it simple to keep track of each assessment in an effective and efficient manner and the bank's teams were spared the hassle of chasing down any vendor via calls or emails. Audits of the process also became very efficient with all communication and approval history available in a single place.