GRACE - Vendor for Vendor Risk Management

Outsourcing key business processes to vendors has created a huge operational risk. The organization now carries the risk of vendors' non-adherence to compliance requirements, privacy of customer information, poor security management, business continuity issues, record keeping and privacy of information. Though the outsourced vendor is responsible for providing the service, the ultimate responsibility for information security, business continuity and compliance still resides with the organization.

GRACE-Vendor software helps you set up and manage information on all your vendors. It monitors the key processes needed for compliance and business continuity within the vendor organization, so that you can identify risks early and plan and execute mitigation strategies.

It helps you define policies and procedures for the vendor monitoring processes and keep them up to date with any changes in the vendors' systems, processes and regulations. It helps you build a calendar and a mechanism for monitoring and recording risks from assessments and incidents, and it builds a dashboard of risks and their levels to manage their mitigation.

GRACE-Vendor, with its SaaS (Software as a Service) model, helps you quickly put together a continuous monitoring process to establish and monitor vendors, enabling you to identify risks early and take remedial action in a business-as-usual way.

GRACE-Vendor helps you build a standardized, comprehensive and up-to-date process so that you can:

Be able to conduct operational due diligence of service provider activities in a standardized way and see risk trends early

Always have data of all your books and records as well as business continuity plans from each vendor

Have the latest copy of all the contracts and service level agreements in one place

Have a well-defined, agreed policy and procedure between the service provider and your organization that can prevent violations from the vendor

Be able to identify non-compliance, operational and business continuity risks early and ensure risk is mitigated without affecting your organization

Be operationally efficient in managing the service provider processes, risk and compliance information centrally. Having them spread out in multiple Excel files, documents and paper trails makes it inefficient and labor-intensive to retrieve and produce them for audit

Help senior management be confident that there is no business continuity risk from vendors

Having an up-to-date and integrated view of risks on service provider processes can allow you to save your fund from non-compliance violations, faulty vendor business processes and business continuity issues. This allows you to focus on the key risks quickly

Early identification and control reduces cost of mitigation

Be able to search and retrieve information with least time and cost for audits and assessments

Have better internal control, regulatory compliance & enhanced predictability

Build ownership, responsibility and accountability for risk and its management

Institutionalize the risk management process

Own the knowledge in the enterprise and not lose it when key people leave

Vendor Database

- Up-to-date information on each vendor, their services, SLAs, key personnel, contracts
- Business Continuity plan of each system that the vendor operates

Policies & Procedures

- Policy and procedure definitions for compliance requirements that should be adhered to by the vendor
- Management of these documents, including add, update, review and release version histories, and access for the organization to the latest policy and procedure

Vendor Risk Assessments and Monitoring

- Conduct due diligence during service provider selection for process adherence, business continuity and other practices through comprehensive standardized checklists with BCP and disaster recovery questionnaires
- Record all the due diligence information and review the due diligence findings internally
- Record all vendor details, contract documents and service level agreements and updates to these documents
- Record the reasons for selection / rejection of the vendor
- Set up alerts for periodic due diligence of vendors to ensure process monitoring
- Receive alerts and record actions, comments, documents and risks identified from the periodic monitoring and review them internally
- Be able to record risks from there and put mitigation / escalation / risk reporting mechanisms in place
- Be the one place for all the information gathered on a vendor firm from an operational and business continuity perspective

Incident Management

- Recording of all incidents that happen with the IT infrastructure, in both internal and vendor systems, into the Incident Logs, including business continuity and other issues
- Incident Tracking Workflow
- Incident dashboard to look at trends and analysis of frequent incidents

The Dashboard

- The powerful dashboard brings together, under one umbrella, all information related to IT and vendor risks
- Allows deep drill down on all information across due diligence, assessments and audits, internal controls and tasks associated with management of the risk and reports on mitigation task status
- Slice and dice of information to bring different trends to view
- Queries and Reports that can be exported to Excel / PDF formats