Supply Chain II Case Study
Requirement
Assist a large and growing e-commerce provider with comprehensive cybersecurity measures throughout their supply chain.
Issues
With over 3,500 different products being sourced from approximately 485 vendors, the client (a California-based e-commerce company) wanted assurance that their supply chain was safe and secure from today’s growing cybersecurity threats. They had never conducted any meaningful cyber due diligence on their vendors, but with explosive growth, they saw the immense risks that could harm their highly successful e-commerce platform.
Additional issues for the client
No Experience with a Project of this Magnitude: While the client had some familiarity with cybersecurity best practices, they had no real understanding of the complexities of addressing, designing, and executing such a program for their incredibly large, and growing, list of third parties with whom they were sharing data. They needed immediate help.
No Cybersecurity Documentation: With little experience in, and no real understanding of, cybersecurity best practices for their vast, complex, and growing supply chain, the client had no formalized policies and procedures in place. They also lacked any real or meaningful Third-Party Risk Management (TPRM) measures.
Unclear Roadmap: With such a large, and fast-growing, list of third parties, the client was also unsure of where to even begin with such a daunting compliance project. There were different opinions and recommendations, all of which had a number of challenges.
Solution
Centris deployed a team of experts specializing in both Third-Party Risk Management (TPRM) program development and cybersecurity that successfully accomplished the following:
- Defined project scope and client participation, assigning roles and responsibilities, along with hard deadlines and deliverables, to all personnel involved in the project.
- Identified all 485 vendors and ranked them by overall risk to the organization.
- Developed a comprehensive Third-Party Risk Management (TPRM) program that incorporated not only provisions for data privacy, but also measures relating to other critical aspects of TPRM.
Outcome
- Built and deployed an all-new TPRM program, which included a comprehensive data privacy program with regard to sharing data with third parties.
- Created a true culture of compliance where employees now understand and value data privacy and the importance of protecting the organization’s supply chain.
- Implemented a continuous monitoring program to ensure the TPRM program is properly monitored long after the consultants are gone.