Skip to content
Vendor risk management

Third-party vendors. First-rate risk management.

Third-party vendor relationships are more complex than ever, with growing pressure from stakeholders and regulators. Our vendor risk management solution enables you to manage and optimise your vendor relationships.

Take a product tour

Know your vendors

Ensure 360-degree awareness of your vendor relationships to pinpoint risks.

  • Identify weaknesses in doing business with critical third party vendors

  • Visualise fourth party concentration to identify risks

  • Prioritise and manage risk remediation

  • Maintain accurate documentation of vendor assessments, issues, and communications

  • Directly link vendor management to your operational resilience and business continuity planning

  • Streamline real-time data sharing by relationship owners and vendors

Assess and monitor

Use vendor-sourced data and integrated security ratings intelligence to establish aggregated risk ratings and monitor emerging issues.

  • Rate vendors across all risks – financial, policy, security and operational

  • Stay ahead of future problems through automated vendor security and regulatory questionnaire engine

  • Challenge or validate vendor claims with external cybersecurity ratings data

  • Schedule internal reviews of performance, impact and status, in order to monitor and assess vendor contract service levels on an ongoing basis

Act and communicate

Ensure rapid response times and seamless communications through user-centric interfaces, powerful dashboards and reports that keep you aware of developments and issues as soon as they arise.

  • Engage staff through role-based dashboards

  • Provide holistic insights through connected data

  • Optimise productivity with workflow alerts and reminders

  • Manage reporting with consolidated information and powerful visual reports

Ensure compliance with cybersecurity and regulatory standards

Comply with current and expected regulatory requirements in place in your industry, including ESG and modern slavery legislation.

  • CISC – Critical infrastructure risk management program rules

  • APRA – CPS 234 (Information Security), CPS 231 (Outsourcing), CPS 230 (Operational risk management)

  • ASIC – Cyber resilience good practices

Vendor risk management brochure.

Find out how our vendor risk management solution allows you to manage vendor risk and avoid disruption.

Read brochure

Vendor risk management eBook.

Why and how to build an effective third-party vendor risk management program.

Read eBook

Take a product tour.

Our recorded product tour demonstration video takes you through the key areas of our vendor risk management solution.

Take a product tour

Buyer’s guide.

What an ERM solution is, why you need one, and how to make the right choice.

Get the buyer’s guide

Protecht ERM - end-to-end visibility and management of vendor risk

Preconfigured content - for a turnkey launch

Optimise your vendor risk management at the click of a button with preconfigured registers, dashboards and reports.

Explore some of the assets that are included within our VRM offering:

Vendor Management

Streamline your assessment, monitoring and management of risk from third party suppliers. The Vendor Management registers and dashboards help you:

  • Gain a centralised, integrated view of your vendors, their contracts, and their risk profile

  • Keep on top of vendor reviews

  • Provide oversight and management with analytic insights on active vendors, their attributes and related risk management activity

Vendor Findings and Issues Management

This package supports management of findings and issues relating to third party suppliers. The pre-designed register and dashboard help you:

  • Identify vendor issues in a central register early

  • See findings and issues by status and trend and group the information by rating from extreme to low

Vendor Actions Management

Gain visibility of risk and compliance management actions to ensure they are carried out by the right people and at the right time. The Actions Management register and dashboard help you:

  • Create and supervise any type of action

  • Have clear visibility for actions for internal team and actions for vendor by progress, ratings and monthly trend

  • Follow-up and escalate actions

  • Identify overdue actions

Questionnaire Management

Keep control of all relevant due diligence questionnaires between you and your vendors and have a clear view of all the important actions between and your vendors. The Vendor Questionnaire register and the Vendor Due Diligence dashboard allow you to:

  • Have a clear summary of key data from vendor questionnaires at various stages

  • Quickly see the number of finding and issues and the pending actions for your team and the vendor

  • Notify vendors when a new questionnaire is assigned and due

  • Notify relationship owners when questionnaires have been submitted by vendors and ready for review

SIG Questionnaires

Assess vendor risk across 21 different risk domains with Shared Assessments' Standardized Information Gathering (SIG) Questionnaires. The comprehensive set of questions is updated yearly to keep up with the ever-changing risk environment and priorities.

  • Includes SIG Core and SIG Lite

Vendor Risk Assessment and Management

Assess vendor risk and rate the risk categories, and link relevant risk and controls in the library. The Risk Assessment report and the Vendor Risk dashboard help you:

  • Identify vendor risks in a central register and schedule ongoing reassessments

  • Rate the vendor risk and link relevant controls in the controls library​

  • See key data of vendor portfolio and risks ratings

  • Clearly see the information grouped by risk categories such as vendor criticality, vendor service type, business unit and control effectiveness

Vendor Fourth Party Concentration

Record and visualise fourth parties (vendor’s third parties) with a Fourth Parties register and dashboard to help you:

  • Identify where a fourth party is relied upon by multiple vendors, creating concentration risk for the organisation

  • Segment data with different filters including vendor tier, service type and criticality​

Monitoring and Review Management

Streamline ongoing reviews and tasks to ensure they are carried out by the right people and at the right time. The Monitoring Register and the Vendor Periodic Reviews Dashboard allow you to:

  • Enable users to capture scheduled and completed reviews

  • Identify when reviews are overdue and coming up

  • Filter the information using different options that include review type, due date for contract renewals and vendor status​

Vendor Health Scorecard Dashboard​

This dashboard gives instant visibility into your vendor health score. Understand state of your vendor portfolio, quickly identify underperforming/high risk vendors – drill into detail if required to understand why.

Vendor Summary Report​

This report shows a summary of key information and activities for an individual vendor that can be generated and shared with the vendor to understand and improve performance.

Contract and Document Management

Automate reminders for expiring contracts and documents to ensure details are up to date. This includes dedicated Contracts and Document registers that offer you:

  • A central list of executed vendor contracts and agreements that captures key details such as value, expiry date

  • A central list of vendor documents such as insurance and certifications

Case study

Pinnacle stays in control worldwide with Protecht

"The value of this can’t be overstated. In an industry where analytical skills account for much of your success as a company, we’re able to better leverage our intellectual capital."

Cameron Drinan

Risk & Compliance Manager | Pinnacle Investments

See this story