Launched in 1955, ITV is a free-to-air television network in the United Kingdom. ITV is supported by its supply chain to secure content pre-distribution and to secure its broadcast chain. Therefore, it is essential that any entity interacting with the network have the proper security controls in place. However, the process for the ITV cyber security team to assess entities against requirements was manual and time-consuming, leaving potentially risky gaps.
With more than 400 entities to assess – from large global organizations to small post-production shops – ITV’s manual, spreadsheet-based risk assessment process could no longer keep up, taking weeks of effort per entity to determine their risk visibility.
Other departments within ITV also struggled with using clunky spreadsheets to manage suppliers and risk which led to inconsistencies, inefficiencies and no single view on supplier risk. Finally, third parties and business unit owners alike wanted a simpler data driven way to engage in conversations around risk.
ITV searched the market and found that potential solutions typically fell into one of two categories: tools to simply automate questionnaires, and overly complex GRC tools. The problem with questionnaire automation tools was that they couldn’t provide useful insights. On the other hand, GRC tools typically require significant effort (and therefore cost) to address unique company needs.
It was clear that ITV had to provide their entities and internal departments with a simple, meaningful single view of risks, so stakeholders felt there was value in the process rather than just seeing it as a compliance exercise.
ITV needed a solution that not only automated the process of sending out and analyzing questionnaire responses, but also offered workflow and risk management capabilities that simplified third-party risk management for everyone involved – inside and outside the enterprise. To achieve this, ITV turned to Prevalent.
Prevalent takes the pain out of third-party risk management (TPRM). Companies use Prevalent software and services to eliminate the cyber risk and compliance exposures that come from working with third party suppliers. Prevalent’s customers benefit from a flexible, hybrid approach to TPRM, where they not only gain solutions tailored to their needs, but also realize a rapid return on investment.
ITV leverages the Prevalent Third-Party Risk Management Platform to:
ITV has seen tremendous return on their Prevalent investment, narrowing their risk assessment process down from weeks to no more than a couple of hours effort per entity. Complementing these time savings, ITV can now intelligently automated tailor-made questionnaires for suppliers based on the services being provided, which saves a massive amount of time and effort during new supplier onboarding.
ITV has also expanded into assessing operational risk, enabling them to connect the dots on previously unseen risks across their broader spectrum of enterprise risk.
Finally, the simplicity of the Prevalent Platform enables ITV to provide a clear risk report to the business. This has encouraged internal business units to proactively come to the cyber security team to get their suppliers assessed as they see the value in the TPRM process.
Interested in hearing how we've helped other organizations? Discover more Prevalent success stories in our customers and case studies section. Want to discuss whether Prevalent may be a fit for you? Request a demo today!
Learn how to leverage vendor risk assessment questionnaires for stronger third-party risk management, including a customizable...
09/18/2024
Third-party risk assessments not only enable your organization to proactively detect and reduce risks, but also...
09/16/2024
Learn how integrating the NIST Privacy Framework with third-party risk management (TPRM) helps organizations enhance data...
09/12/2024