Modulo, a provider of IT governance, risk and compliance (GRC) solutions, launched a new Vendor Risk Management solution to help enterprises identify and classify high risk vendors and cloud providers, and streamline the risk and compliance evaluation process.
The product comes fully integrated with the Shared Assessments Standard Information Gathering (“SIG”) questionnaire – an industry standard template for gathering and assessing IT, operating and security risks and controls in an information technology environment, the company said.
Third-party vendors often have access to sensitive data, exposing organizations to IT and cyber risks and noncompliance to regulatory as well as internal requirements. SOX, FFIEC, NYSE, GLBA, PCI DSS, HIPAA and other regulations require organizations to extend compliance to vendors, contractors and consultants.
“Many third-party vendors offer cloud-based solutions, making it even more difficult to assess reliability, continuity, and compliance and creating a ripple effect in the event of a disruption. Industry experts suggest that organizations first conduct a security assessment of these vendors before they buy and then monitor vendors on an ongoing basis, the company explained.
Atlanta-based Modulo hopes to help enterprises assess vendor risk with Vendor Risk Management with Modulo Risk Manager 8.1.
Modulo Risk Manager provides several tiers of reporting based on the level of detail required by the report recipient, and ties into business value by helping define Key Risk Indicators (KRIs) to understand the impact of vendor IT risks on overall enterprise risk.
“The cost of failing to manage vendor risk is high: from quality of service to financial, audit, and reputation risk,” said John Ambra, director of technical services for Modulo. “Many organizations don’t know whom their high-risk vendors are which makes it nearly impossible to target assessments, prioritize risks and create mitigation plans.”
According to the company, customers can use Modulo Risk Manager’s Vendor Risk Management solution to:
• Classify vendors by risk and relevance levels
• Track and monitor classification efforts and assessments in one single console
• Harmonize risk scoring across vendor assessments and risk management projects
• Prioritize risks and remediate exposures based on the risk a vendor presents
• Report vendor risk & compliance evaluation results using reports targeted for vendors, internal lines of business, and customers
• Benchmark vendors against organization and industry standards
Additionally, Modulo provides Mobile Apps that enable teams to capture vendor risk information on iPhones, iPads, and Android devices.
The Modulo Risk Manager Vendor Risk Solution is available immediately in three deployment models: on-premise, subscription, or SaaS.
