Taming the supply chain: Addressing vendor risks to the nth tier


Vendor risk in the supply chain: feet walking on glass stairs

Vendor risk ranks alongside cybersecurity, compliance, reputational, and financial risks as one of the top risks to any organization.

With any risk, you need to identify, monitor, and mitigate that risk, especially when it comes to your supply chain. The question for someone in my role as a senior manager of compliance management is: What level of risk is being posed and why? Stated another way: Do I really know what my supply chain is doing?

When looking at our vendor contracts at ServiceNow, I can easily find information about our first-line supply chain vendors. But digging deeper has proven to be challenging. How do I get objective visibility into the risks of the second-line vendors’ business relationships—and third, fourth, and fifth-line vendors? How do I know when those risks change?

Being able to answer these questions has a direct impact on the business’s bottom line. A 2021 study by the Ponemon Institute found the global average cost of a data breach is $4.24 million. If the risk is related to vulnerabilities at third parties, it’s even higher. Compliance best practices include understanding our supply chain landscape at all times.
 

Identifying vendor risks

As with any large organization, vendors play a critical role in the success of ServiceNow. That’s why we use Vendor Risk Management (VRM) to manage our third-party risk. We identify emerging vendor risks and continually monitor these risks across our enterprise. But the data is limited to our first-tier vendors.

Evaluating Global Vendor Risk: figures in circles on a global map


You need objective data to assess the risks posed by third parties and make good decisions. But it’s not easy to gather details on vendor supply chains manually. Typically, it takes hundreds of hours scouring the web. Even then, not all the data is available.

That’s why we integrated Interos, a risk intelligence software solution, into the latest release of the Now Platform®. It uses algorithmically generated risk scores to rate company performance against six different risk factors:

  • Financial

  • Operational

  • ESG

  • Geopolitical

  • Company and country restrictions

  • Cyber risk

The data comes from thousands of different sources on the web.

Interos had exactly the data we needed to detect areas of concern and vulnerabilities across physical and digital supply chains worldwide. I can view ServiceNow’s business relationships across entire ecosystems and continuously assess second and third to nth-tier vendors against multiple risk types. I can pull a report in seconds rather than having to question every vendor in our supply chain about the vendors they use.

Gaining visibility

The combination of Vendor Risk Management and risk intelligence software such as Interos is worth its weight in gold because of the visibility and transparency it gives me into the supply chain. The risk scores save a tremendous amount of time and help me understand my unforeseen risk exposure.

For example, if a vendor tells me its cybersecurity program or financial stability is good and its risk score is low, I can ask for verification. Or, I can conduct additional screenings to determine if the data is accurate and fits within my risk threshold. Equipped with data, I can skip blanket risk questions and instead start with targeted questions, saving time and effort.

A great example of how risk intelligence software can impact vendor risk is the hacking of SolarWinds in 2020. I can see if SolarWinds was in my supply chain and which areas are at risk. I can then query those vendors about potential data loss within specific time frames. More importantly, I can move quickly to assess the risk and mitigate any impact.

Risk intelligence software is worth its weight in gold because of the visibility and transparency it gives me into the supply chain.


Mapping vendors to the nth degree

According to the Ponemon research, the average total cost of a data breach grew nearly 10% between 2020 and 2021, representing the largest annual cost increase in the last seven years. Supply chain vulnerabilities are only one of many risks that can contribute to these breaches.

Using Interos, I’m more confident in analyzing data and quickly recommending decisions about our suppliers because I can see our exposure through the entire ecosystem. Best of all, I can sleep at night knowing I’ve done what I can to help avoid the business disruptions, data loss, and operational or financial impact of our supply chain.

See an Interos/Vendor Risk Management demo and find out more about Vendor Risk Management.

© 2022 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Topics

  • Harnessing the whole organization to improve customer experience: group of office workers
    Customer Experience
    Harnessing the whole organization to create a better customer experience
    Creating an effortless customer experience is a key imperative facing customer service leaders. It involves connecting the front, middle, and back offices.
  • Customer experience: 2 girls looking at phone and smiling
    Customer Experience
    Great customer experience is easier than you think
    I haven’t heard anyone sing about customer experience just yet, but easy is important. Discover ways to simplify customer service for frictionless experiences.
  • Knowledge base relevance: two male co-workers chat over an open laptop
    Now on Now
    4 easy ways to keep your knowledge base relevant and up to date
    In today’s self-service world, a well-populated knowledge base with a reliable group of contributors is not enough to create a great experience. Learn 4 tips.

Trends & Research

  • Customer service: smiling businessman on phone walking outdoors
    Customer Experience
    Survey: 3 tips to deliver world-class customer service
  • Forrester Wave Leader 2022 Third-Party Risk Management Platforms
    Cybersecurity and risk
    Forrester says ServiceNow is a Leader in third-party risk management
  • Cybersecurity: man sits on train bench with a tablet
    Cybersecurity and risk
    Survey: Cybersecurity requires risk-based management approach

Year