Shop Direct transforms 3rd party assurance

Shop Direct Group this month revealed it has selected the cloud-based IT governance, risk and compliance (GRC) platform from SureCloud to help automate its third party assurance programme. 

Shop Direct expects the move to SureCloud’s software-as-a-service (SaaS) system to help it more easily manage its extensive partner network as well as lead to clearer insight into the overall efficacy of its partners security compliance measures.

 

As a leading UK online and home shopping retailer, Shop Direct depends on a network of 800 third party partners who provide a wide range of services from logistics to call centres and from finance to manufacturing. Ensuring these partner organisations have adequate security measures in place to protect its customers’ personal data is paramount. Yet, existing systems for assessing third party risk were manual and not as efficient as they could be. 

The compliance team emailed spreadsheet-based questionnaires to stakeholders in each organisation and the resulting data had to be collated manually and could not be analysed easily. Not only was the whole process cumbersome, it tied up valuable auditor time with administration and mundane tasks. But there was no easy way to compare the relative risk levels of data security in relation to its partners.

 

Shop Direct was convinced there must be a better way to audit its supply chain and turned to SureCloud for help. By transferring key GRC processes and providing centralised risk-based reporting via its SaaS platform SureCloud has helped Shop Direct develop a new centrally managed and more automated vendor risk management programme. 

The questionnaire has been re-designed to avoid ambiguity and repetition, and it is now possible to devolve responsibility for providing answers to the right individuals. Additionally, because their responses are captured centrally, Shop Direct is able to track the compliance status of every partner in real-time via a dashboard that allows relative risk profiles to be compared at a glance.

“When we saw how quickly and easily the SureCloud platform could transform our partner assurance programme, we knew that it was exactly what we needed,” commented Mike Marshall, head of group security at Shop Direct Group. “Greater efficiencies and significant time savings have already been achieved without major change or breaking the bank.”