ComplySci Case Study

3 minute read

September 2018

by cybergrx

ComplySci Proactively Shares

CyberGRX Helps ComplySci Reduce Time Spent on Assessments with Proactive Sharing

Proactive Sharing Saves Time

As an organization that is dedicated to protecting its customers’ information, ComplySci takes data protection seriously. So, when one of their customers ordered a CyberGRX assessment on them, it was no surprise that their final assessment data reflected their due diligence and dedicated security posture. That CyberGRX assessment has continued to pay dividends to ComplySci, as they share it with their other partners, proactively cutting down on their assessment requests.

About ComplySci

ComplySci is a leading provider of technology solutions that help compliance organizations identify, monitor, manage and report on conflicts of interest arising from employee activities, including personal trading, gifts and entertainment, political contributions, outside business affiliations, and other code of ethics violations. Founded in 2003 by early pioneers in the development of automated compliance management solutions, ComplySci is now trusted by over 1,000 customers, including some of the world’s largest financial institutions. Compliance Officers rely on ComplySci’s scalable and sophisticated platform to stay ahead of risk.

CyberGRX will help us save 200 hours or more traditionally spent on filling in assessments.

Challenges

Like many other technology vendors, ComplySci is no stranger to the strain the overwhelming disparate assessment requests can put on an organization’s resources. ComplySci is assessed over a hundred times a year, and that number only appears to be increasing. Given the nature of their offering, they are absolutely dedicated to safeguarding their customers’ data, so finding a way to cut down the time they spent on assessments so they could proactively manage their security was not just a challenge for them, but a goal.

CyberGRX helps ComplySci cut down the time they spend filling out assessments by 30%, enabling them to focus on proactively managing their security and safeguarding customers’ data.

How CyberGRX Helped

During the summer of 2017, one of ComplySci’s customers requested a tier 1 CyberGRX assessment on ComplySci. Tier 1 assessments are the most comprehensive CyberGRX offers, with an onsite or remote validation option. The assessment and validation were completed within a few weeks, and the final assessment data has become a valuable, force-multiplier tool for ComplySci.

Once a tier 1 assessment is complete, it automatically populates CyberGRX tier 2 and tier 3 assessments. These assessments are still comprehensive but come with different levels of validation. Since completing the tier 1, ComplySci has begun proactively sharing their tier 3 assessment with their other customers and partners.

During their first proactive share, their upstream business partner declared the CyberGRX tier 3 was the most comprehensive assessment they’ve received and agreed to use that report in place of their own due diligence reports.

ComplySci’s upstream partner declared the CyberGRX tier 3 was the most comprehensive assessment they’ve received and agreed to use it in place of their own.

Results

As ComplySci continues to proactively share their CyberGRX assessment with their customers, they continue to cut down the amount of additional due diligence reports. Since completing their tier 1 report and sharing it with the initial ordering customer, they have also shared it with 10 of their other upstream partners.

That’s 10 fewer assessments they will have to do this year. Over the course of the next year, ComplySci believes they will be able to reduce the amount of time they spend on filling in assessments by 30% and spend more time on proactive security management. In addition, ComplySci plans to order CyberGRX assessments on some of their own vendors.

The CyberGRX assessment process was comprehensive, yet seamless. The standardized assessment and their global risk information Exchange will help us save 200 hours or more traditionally spent on filling in assessments, so we can apply that time on proactively managing our security for our clients.

– George McKevitt PhD, ComplySci CTO

Request A Demo

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.