CTG Vendor Risk Solutions.

CTG's Risk Profile Manager (CTG RPM) is an ontology-based Software as a Service (SaaS) solution that enables more effective and efficient vendor risk assessment and management than traditional approaches. It offers advantages not found in other solutions:

  • The value-add of Dun & Bradstreet: CTG RPM combines vendor-supplied information with Dun & Bradstreet's independent business data to generate a composite score that better profiles inherent risk across key risk categories.
  • A scoring approach that prioritizes and focuses vendor assessment campaigns: CTG RPM uses multi-factor profiles to identify the service providers likely to pose the greatest risk to an organization. Where inherent risk is high, CTG RPM manages the organization's risk assessment workflow from the initial request for information through to vendor certification.
  • Automated risk scoring throughout the assessment lifecycle: CTG RPM first identifies a vendor's potential, or inherent, risk from its profile and from third-party data feeds. It then continuously and automatically updates the risk scores as information is obtained and refined about the controls that mitigate particular risk aspects, or as third-party data sources provide additional or updated insight into the vendor's risk profile.
  • Focused and relevant questionnaires: CTG RPM builds question sets tailored to each vendor, provides the Shared Assessments Standardized Information Gathering (SIG) questions as a resource, and can be customized to include a common "baseline" set of questions or to address the specific requirements of the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry (PCI) Data Security Standard (DSS), ISO/IEC 27001:2005, or other security, privacy, or industry standards and regulations.
  • Workflow support for the assessment process: CTG RPM supports the full vendor assessment cycle, with workflow features that streamline the steps needed to take a vendor from identification to certification and that tailor assessment campaigns to an organization's needs. It also supports a variety of assessment approaches, then tracks vendor remediation and management certification once the identified risk has been addressed.

Using ISO 27001 as the control framework, CTG developed a cross-referencing matrix for CTG RPM that maps regulatory requirements to an information security management system (ISMS). CTG RPM also provides a "dashboard view" of vendor risk and is delivered as a SaaS, buy-what-you-need solution.

For more information, contact rpm@ctg.com.