Holding third parties accountable to Self-Esteem Brand’s standard of operations is increasingly complex given today’s evolving regulatory landscape and increasing threat of data breaches. Consequently, the company sought to iterate on their vendor risk management operations.

Empowering business owners to manage vendor risk

Self Esteem Brands approached their vendor risk management initiative with the goal of ditching a series of spreadsheets, documents, and emails for a single platform that supports workflow implementation and consistent monitoring of vendors throughout the engagement lifecycle. Additionally, the company wanted to offload work from the vendor relations team while cutting down on the amount of time it takes to engage internal and external stakeholders.

OneTrust Vendorpedia is used across multiple Self Esteem Brands teams including vendor relations, legal, IT and marketing. To ensure each business unit has a comprehensive understanding of the platform, the system administration department holds one-on-one training for dedicated Business Owners (BO). In most instances, the trainees are assigned live vendors to work with and can walk through the engagement lifecycle.

As a result, OneTrust Vendorpedia combines automation with aggregated vendor research to streamline Self Esteem Brands’ vendor risk management program, enabling the company to reduce risk and empower their teams with the tools they need to succeed.

Working out a new vendor risk program with OneTrust and docusign

Self Esteem Brands’ onboarding timeline begins when a BO requests to bring on a new vendor within the OneTrust Vendorpedia platform. Once all necessary account data is entered, a non-disclosure agreement (NDA) is distributed to the prospeticve vendor via a DocuSign integration. As soon as the NDA is signed, a workstream kicks off to gather information on the vendor’s privacy policies and data management pratices which populates an initial risk-based security assessment. Each vendor is then sent a tailored assessment based on how they respond to the initial security and risk questions. After all documentation is filled out, the process is handed off to Self Esteem Brands’ legal team for potential risk remediation efforts as well as general onboarding operations.

Vendor risk management fitness is a marathon, not a sprint

Self Esteem Brands’ vendor risk management program is continuing to evolve as consumer expectations, digital transformation, and regulatory requirements evolve. Looking ahead, the company intends to leverage OneTrust Vendorpedia’s pre-built system integrations as well as its open API framework to increase efficiencies.