Self Esteem Brands

How self esteem brands got in vendor risk “shape” with OneTrust Vendorpedia

Dumbbells on weight rack

Improving the self-esteem of the world. That’s the goal of Self Esteem Brands, the parent company of Anytime Fitness (the world’s #1 “Top Global” franchise), Waxing the City, Basecamp Fitness, and The Bar Method. Self Esteem Brands is also the parent company to affiliates Provision Security Solutions, and Healthy Contributions.

The company seeks to enrich the lives of all of those who interact with them in nearly 40 countries worldwide. This includes consumers, third parties, employees, franchisees and the surrounding communities where more than 5,000 of their independently owned and operated franchises are located.

Self Esteem Brands maintains a high standard of corporate governance and ethics while conducting business in an open and honest manner. The company has embarked on a journey of continuous improvement and actively strives to implement responsible vendor risk management practices.

"We believe the behavior of our vendors is not only important to our business, but also to the products we offer our customers. We expect third parties, at minimum, to comply with the law and operate in compliance with internationally-recognized standards, and strive to implement ethical vendor risk management practices."

 

Brian Smith, Senior IT Project Manager

Holding third parties accountable to Self-Esteem Brand’s standard of operations is increasingly complex given today’s evolving regulatory landscape and increasing threat of data breaches. Consequently, the company sought to iterate on their vendor risk management operations.

"We must further prioritize the assessment and due diligence of our vendors and suppliers. This requires us to identify any risks before onboarding and conduct re-assessments throughout the engagement. Combined, this provides our customers with more reassurance that Self Esteem Brands is taking the right steps to secure their data."

 

Brian Smith, Senior IT Project Manager

Empowering business owners to manage vendor risk

Self Esteem Brands approached their vendor risk management initiative with the goal of ditching a series of spreadsheets, documents, and emails for a single platform that supports workflow implementation and consistent monitoring of vendors throughout the engagement lifecycle. Additionally, the company wanted to offload work from the vendor relations team while cutting down on the amount of time it takes to engage internal and external stakeholders.

"Vendor risk management is an ongoing initiative that requires buy-in from almost all employees, so we sought to implement a solution where processes are clearly laid out and self-explanatory. OneTrust Vendorpedia's vendor risk management platform does just that."

 

Mitchell Samuel, IT Technology Administrator

OneTrust Vendorpedia is used across multiple Self Esteem Brands teams including vendor relations, legal, IT and marketing. To ensure each business unit has a comprehensive understanding of the platform, the system administration department holds one-on-one training for dedicated Business Owners (BO). In most instances, the trainees are assigned live vendors to work with and can walk through the engagement lifecycle.

As a result, OneTrust Vendorpedia combines automation with aggregated vendor research to streamline Self Esteem Brands’ vendor risk management program, enabling the company to reduce risk and empower their teams with the tools they need to succeed.

Working out a new vendor risk program with OneTrust and docusign

Self Esteem Brands’ onboarding timeline begins when a BO requests to bring on a new vendor within the OneTrust Vendorpedia platform. Once all necessary account data is entered, a non-disclosure agreement (NDA) is distributed to the prospeticve vendor via a DocuSign integration. As soon as the NDA is signed, a workstream kicks off to gather information on the vendor’s privacy policies and data management pratices which populates an initial risk-based security assessment. Each vendor is then sent a tailored assessment based on how they respond to the initial security and risk questions. After all documentation is filled out, the process is handed off to Self Esteem Brands’ legal team for potential risk remediation efforts as well as general onboarding operations.

"One of the best parts about OneTrust Vendorpedia is that we have a single place to search for questionnaires or contracts, especially in the event of an audit. The platform provides a clean, easy-to-use repository where we can filter assessments based on search terms and other unique identifiers. We’re confident in the return on investment and look forward to onboarding vendors in a quicker, more secure fashion."

 

Mitchell Samuel, IT Technology Administrator

Vendor risk management fitness is a marathon, not a sprint

Self Esteem Brands’ vendor risk management program is continuing to evolve as consumer expectations, digital transformation, and regulatory requirements evolve. Looking ahead, the company intends to leverage OneTrust Vendorpedia’s pre-built system integrations as well as its open API framework to increase efficiencies.

"OneTrust Vendorpedia has been key to our vendor risk management success. The technology has maintained its simplicity while continuing to introduce new capabilities and tools that support our evolving needs."

 

Brian Smith, Senior IT Project Manager


You may also like

Webinar

Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more

Webinar

Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Learn more

Webinar

Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more