COBRA

VENDOR RISK MANAGEMENT PLATFORM

An End-to-End service on a unique platform operated by security specialists to target your vendor risks

Balance local accountability for decision making with centralised oversight

Take action based on the results of advanced analytics and relevant reports

Drive efficiency in an otherwise labour intensive and complex risk process

Compare vendor data with intelligence from a variety of open sources

Implement a full Vendor Risk Management program

It takes the heavy work off your hands, leaving you to manage risk at the strategic level based on the most up to date, relevant information available.

User Interface & Navigation

Full Profile management with dashboards for up to the minute view of risk status and programme implementation.

Easy & Intuitive
Access & User Controls
Browser Accessible
Help functionality
Search Capabilities
Analytics & reports
Customer Branding

Easy Reporting of risk data as part of an organisation wide VRM program

Report on project characteristics and statuses with advanced searching capabilities

Dashboard with management information provided to understand status, performance and trends, and to easily access the highest priority risks and issues

Easy to access and intuitive questionnaires to make it easy for suppliers to describe their security, with advanced telemetry and analytics for risk scoring

Comprehensive Assessment

Categorise vendors into risk tiers, including customisable capabilities to support detailed assessment of risks.

Vendor self-service to complete assessment
Configurable surveys and questionnaires
Intuitive questions automatically checked for quality of completion
Templates to support specific regulatory mandates

Independent Validation

Continuously monitored, automatic Open Source Intelligence driven independent verification of each vendor's risk landscape to qualify and inform the validity of the vendor's internal assessment and prioritise risks for visibility:

Configuration
Attack Surface
Data Leakage
Social Vulnerabilities

Easily access all project risk submissions and assessments

Convenient and secure user experience for suppliers to provide documentation and evidence of their security

Workflows & Collaboration to assess, validate and monitor controls

Cross-organisation collaboration for automated decision making and escalation

Assess the effectiveness of controls
Workflow process management
Immediate visibility of anomalies
Vendor risk modelling
Tracking against historic risk changes

Discrete project risks are identified and defined, with the residual risk calculated from the project findings

Project findings are defined outlining vulnerabilities that could be exploited. Those of concern can be raised as remediation requests with the supplier

Remediation and Exception Management

Manage vendor risk exceptions in relation to ongoing control requirements:

Issue and exception logging
Remediation and clarification actions
Address approved and non-approved exceptions
Follow up process for re-evaluating exception conditions

The platform provides a single location for governance, with individual business functions able to approve, or 'Sign Off', the project with evidence, review dates and the ability to revoke

See at a glance the risk landscape you are responsible for, and drill into those projects where the risk is outside the tolerable levels