COBRA
VENDOR RISK MANAGEMENT PLATFORM
An End-to-End service on a unique platform operated by security specialists to target your vendor risks
Balance local accountability for decision making with centralised oversight
Take action based on the results of advanced analytics and relevant reports
Drive efficiency in an otherwise labour intensive and complex risk process
Compare vendor data with intelligence from a variety of open sources
Implement a full Vendor Risk Management program
It takes the heavy work off your hands, leaving you to manage risk at the strategic level based on the most up to date, relevant information available.
1
User Interface & Navigation
Full Profile management with dashboards for up to the minute view of risk status and programme implementation.
- Easy & Intuitive
- Access & User Controls
- Browser Accessible
- Help functionality
- Search Capabilities
- Analytics & reports
- Customer Branding
Easy Reporting of risk data as part of an organisation wide VRM program
2
Comprehensive Assessment
Categorise vendors into risk tiers, including customisable capabilities to support detailed assessment of risks.
- Vendor self-service to complete assessment
- Configurable surveys and questionnaires
- Intuitive questions automatically checked for quality of completion
- Templates to support specific regulatory mandates
3
Independent Validation
Continuously monitored, automatic Open Source Intelligence driven independent verification of each vendor's risk landscape to qualify and inform the validity of the vendor's internal assessment and prioritise risks for visibility:
- Configuration
- Attack Surface
- Data Leakage
- Social Vulnerabilities
4
Workflows & Collaboration to assess, validate and monitor controls
Cross-organisation collaboration for automated decision making and escalation
- Assess the effectiveness of controls
- Workflow process management
- Immediate visibility of anomalies
- Vendor risk modelling
- Tracking against historic risk changes
5
Remediation and Exception Management
Manage vendor risk exceptions in relation to ongoing control requirements:
- Issue and exception logging
- Remediation and clarification actions
- Address approved and non-approved exceptions
- Follow up process for re-evaluating exception conditions