
Global Oil and Gas Company Transforms Third Party Risk Management

The TPRM transformation program resulted in a robust, scalable, and efficient framework that effectively manages third-party cyber risk.
Our client is a global oil, gas and energy company that was looking to overhaul its Third-party Risk Management (TPRM) program. The goal was to identify and address gaps in its existing processes and to develop a strategy and operating model that ultimately establishes a "best-in-class" TPRM program, leveraging technology to drive efficiency and effectiveness.

The Challenge 

To overhaul their TPRM, our client faced several challenges, including:  

  • Fragmented Processes: The TPRM program relied heavily on manual, point-in-time assessments, which were inefficient for the volume of suppliers.
  • Lack of Standardisation: Inconsistent processes and unclear roles hindered effective risk management. 
  • Limited Automation: The absence of automated tools resulted in slow and subjective risk assessments. 
  • Inadequate Reporting: Existing systems did not provide sufficient data for informed decision-making.  


The Solution 

To address these challenges, our client brought on Bridewell to help them adopt a systematic approach:  

  1. Discovery Phase:
  • Conducted comprehensive sessions to understand current practices, roles, responsibilities, and systems.
  • Mapped out the supplier ecosystem to identify key stakeholders and processes.

  2. Gap Analysis and Maturity Assessment:
  • Performed a deep dive analysis to identify gaps.
  • Assessed the maturity of current processes against industry best practices.
  • Delivered a detailed report with findings and a roadmap for improvement.

  3. Technology Selection:
  • Requirements gathering and market analysis.
  • Completed a technology proof of concept.
  • Initiated a Request for Proposal (RFP) process to identify a suitable TPRM tool.
  • Identified a tool meeting our client’s requirements, including automation, data reporting, and effective risk management.

  4. Implementation and Integration:
  • Defined the target architecture.
  • Supported the selection and managed the onboarding and configuration of the TPRM tool, including staff training.
  • Conducted a pilot to test the new system and refine configurations.

  5. Stakeholder Engagement and Training:
  • Worked closely with stakeholders to gain support for the program.
  • Provided technical project management and subject matter expertise.

  6. Ongoing Monitoring and Reporting:
  • Established continuous monitoring mechanisms for compliance and risk management.
  • Delivered objectives and key results monthly, regularly reporting success and business value achieved.


The Results  

The TPRM transformation program resulted in a robust, scalable, and efficient framework that effectively manages third-party cyber risk. By leveraging technology and standardising processes, the client is transitioning from manual, point-in-time assessments to a dynamic, data-driven approach, achieving a "best-in-class" TPRM program.  

  • Enhanced Efficiency: Automation reduced time and effort, enabling effective management of a large supplier base.  
  • Improved Risk Visibility: The new tool provided robust data and reporting capabilities.  
  • Standardised Processes: Clear roles and standardised processes improved consistency. 
  • Regulatory Compliance: Continuous monitoring ensured compliance with regulatory standards. 
  • Stakeholder Confidence: Transparent and regular reporting increased trust among stakeholders.  

 

Global Oil Gas and Energy Company


Industry: Energy