Lowe’s TPRM Case Study

Requirement

Assist a mid-size home remodeling company with compliance relating to Lowe’s Third Party Risk Management requirements.

Issues

The client had been working with Lowe’s for years, but was now required to comply with Lowe’s Third Party Risk Management requirements for all vendors and agents.

Additional issues for the client

No Experience with Compliance at this Level: The client had never undertaken any type of external compliance reporting project and was therefore unprepared for the workload now being placed on them.

No Documentation: The client had no existing information security policies and procedures. Additionally, they had not formalized any programs or plans relating to incident response, contingency planning, and other critical IT areas.

Unclear Roadmap: The client was also unsure where to begin with such a daunting compliance project. There were different opinions and recommendations, all of which had a number of challenges.

Solution

Centris deployed a team of experts specializing in Lowe’s Third Party Risk Management compliance that successfully accomplished the following:

  • Defined project scope and client participation.
  • Identified all control gaps and recommendations for remediation.
  • Completely reviewed all current security policy documentation and began authoring information security policies and procedures specific to the actual Lowe’s Third Party Risk Management compliance requirements.
  • Established contact and working relationships with all in-scope third-party vendors to begin the all-important task of identifying all external suppliers.

Outcome

  • Performed an independent cybersecurity assessment as required by Lowe’s.
  • Built and deployed an all-new information security, governance, and regulatory compliance program, one complete with policies, procedures, and processes.
  • Created a true culture of compliance where employees now understand and value information security, cybersecurity, and data privacy.
  • Implemented a continuous monitoring program for ensuring controls are properly monitored long after the consultants are gone.

Duration: 3 Months


Why Centris
As an internationally recognized business consulting firm, our highly trained employees work in every conceivable industry/sector in the global business arena. Centris has the knowledge and expertise you need for solving the challenges you’re facing. Our professionals are at the forefront of many of today’s most pressing risk, privacy, cybersecurity and compliance issues affecting organizations. We have a deep bench of talented professionals ready to go to work for you.