Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
The Client: One of the world’s top pharmaceutical companies focused on researching, developing, manufacturing, and marketing new medications
The client needed to onboard new third parties within a week. However, their third-party screening and assessment processes were largely manual and time-consuming. With the MetricStream Third-Party Management App, the client has been able to automate and accelerate third-party assessments, qualification, information updates, and monitoring. In doing so, they have saved time and improved efficiency, while also enhancing visibility into third-party information and risks. Supplier onboarding can now be completed in a week, and up to 10,000 suppliers can be on-boarded every year.
After evaluating multiple solution providers, the client chose MetricStream based on their ability to provide a unified, cloud-based system to manage third-party screening, qualification, and onboarding, as well as updating of third-party information across all business units.
Today, the MetricStream Third-Party Management App, has enabled the client to automate various third-party assessment and qualification workflows. It also provides the scalability to manage tens of thousands of third parties, while integrating with other systems in the organization to collect the data needed to support third-party screening.
The app was deployed over the private MetricStream GRC Cloud, enabling the client to realize faster time to value, as well as high levels of reliability, availability, and security.
Below are the key capabilities of the app used by the client:
The app integrates with the client’s Master Data Management (MDM) system to gather information on all third parties, including new firms or individuals, as well as previously registered parties who have not yet been screened. The system also helps segment and score third parties based on the relative risks around spend amount, country where the third-party is located, and associated products and services. Based on the segmentation score, the organization can determine the level of due diligence and type of assessment required for the third-party.
Some third-parties require payments for their services (classified as “purchasing”), while others don’t (“nonpurchasing”). The MetricStream app helps route each of these third parties through a separate sourcing approval process.
The app also helps add more depth to the information or profile of each third party by capturing key data such as third-party banking details. Only those banking fields that are relevant to a particular third party based on their location are highlighted in the form. This makes it simple for that firm or individual to fill in their details. The app also captures a third party’s D&B D-U-N-S number and diversity status.
Through the app’s online interface, third-party users can update their basic details, address, and contact information. The form can be assigned to them as a task for profile updates. Any changes they make are updated immediately in the system. However, the form fields driving sourcing approval are non-editable for third parties.
When a new third party needs to be screened, the app auto assesses the third party’s profile information, and populates an assessment form accordingly. Based on this data, a series of additional third-party assessments or questionnaires are triggered through the app. These assessments include a code of conduct assessment, ABAC assessment, US Customs Trade Partnership against Terrorism (CTPAT) assessment, Healthcare Organization (HCO) assessment (to determine if the third party is a healthcare organization), Healthcare Professional (HCP) assessment (for individuals), thirdparty vendor assessment, supplier diversity assessment, disclosure assessment, corporate integrity assessment, and adverse events assessments.
The app also provides the ability to score third parties based on the assessment. Depending on each score, users can determine the next assessment to be triggered. They can also validate third-party data based on quality control measures. In addition, third parties can be red flagged wherever necessary.
After the scores are calculated, the app facilitates a third-party qualification process to decide whether the third party should be marked as active, inactive, blocked, qualified, or non-qualified. Following this process, the app pushes the data back to the MDM system for further processing.
Once the third-party screening and assessment process is completed, the app facilitates a 6-month ABAC monitoring activity. It helps the client follow a systematic and consistent approach toward tracking third parties based on ABAC requirements. It also provides a view of previous and current ABAC scores, allowing the company to identify areas of risk or concern. Users have the flexibility to easily define and track tasks for ABAC monitoring.
To support their rapidly growing business, the client wanted to expand their network of third parties. Their goal was to onboard 5,000-10,000 third parties every year for their US operations alone. However, there was one hurdle if these third parties were not screened properly, they could pose a significant risk to the company’s reputation. At the same time, if the screening process took too long, it would delay third-party onboarding, and consequently affect the supply of goods and services to the company.
The company’s objective was to onboard most third parties in 1-2 weeks, and critical third parties, in 1-2 days. This meant that processes for third-party information gathering, assessments, screening, qualification, and onboarding had to be quick and efficient. However, these activities were traditionally managed in a manner that was fragmented, decentralized, and not clearly defined. The client lacked streamlined and sustainable processes, frameworks, and tool sets to manage third-party registration, segmentation, screening, risk assessment, due diligence, qualification, and monitoring. There were multiple stakeholders involved and no centralized governance system.
Considering that each third party had to undergo multiple types of screenings or assessments ranging from Anti-Bribery Anti-Corruption (ABAC) assessments, to supplier diversity and adverse events assessments it was simply not scalable to continue conducting these assessments using manual tools and processes. As a result, the client began looking out for a more advanced solution that would help them automate and accelerate third-party screening, qualification, and onboarding.