Key Challenges
Relying 100% on spreadsheets and manual processes, Tower Health faced significant challenges with third-party risk management (TPRM). This “broken and inefficient” approach drove persistent frustrations and severely limited the volume of third-party risk assessments that could be completed each year – with no time for reassessments. Tower Health’s TPRM program was characterized by:
- High resource intensity: Tower’s TPRM program required up to 5 FTEs, all working below “top of license” on mostly manual tasks.
- Slow throughput: Each assessment took 5-6 weeks, driven by slow vendor response times, long email chains, and manual internal review.
- Poor risk visibility: Little actionable insight into each vendor’s risk profile or the organization’s overall third-party risk posture.
Decision Process
Tower Health sought out a better approach and evaluated four different TPRM solutions against the following key criteria:
- Flexible: Questionnaires must automatically adjust based on the vendor’s size and criticality.
- Standardized: Questionnaires must be standardized, but allow for custom questions, if needed.
- Insightful: Must answer the CISO’s targeted risk questions (e.g., “Which vendors don’t meet our access standards?”).
- Affordable: Must meet budget constraints and incentivize unlimited assessments.
Why Censinet
Censinet met all of the requirements above and addressed Tower Health’s specific TPRM needs, including:
- Vendor Community Buy-In: Censinet’s questionnaires are well-received by vendors, speeding up response times to a single day or even a single click.
- Automated Corrective Action Plans (CAPs): Censinet automatically generates corrective actions based on questionnaire responses, helping Tower quickly identify and prioritize the most critical risks.
- Responsive Support and Innovation: Censinet’s Customer Success team is highly responsive and actively seeks out continuous improvement based on Tower’s feedback.