The client is a major insurance company in the UK. They wanted to conduct vendor risk assessments for all IT and non-IT suppliers.

Infosys helped them complete risk assessments for 150+ vendors within an estimated time period.

Key Challenges

  • Absence of segregation of suppliers based on the risk score
  • Unable to complete the enhanced security assessment on time and communicate risks and remediation opportunities to business owners
  • Unable to understand the existing risk assessment process
  • Limited time frame between assessment and supplier engagement
  • Single point of contact to handle the vendor risk assessment for all suppliers

The Solution

Effective management and tracking of supplier details

  • Standard pre-assessment conducted for each vendor
  • Managed audit information related to supplier IT risk assessment for ITGC36 and ITGC37
  • Created a central repository of the supplier details
  • Risk assessment for all IT and non-IT suppliers completed on time

Benefits

On-time risk assessment for 150+ vendors

Completed risk assessments for 150 suppliers as per ISO 27001

Timely reporting and closure of any deviations/observations

Vendor risk assessment extended to all suppliers across HR, finance and claims, increasing the security posture

350+ vendor pre-assessments and 150+ vendor enhanced risk assessments completed