Introduction

As enterprise supply chains and third party relationships grow in complexity, the need for dedicated software to holistically manage associated risks has risen considerably. While spreadsheets and siloed point solutions were acceptable in the past, today’s enterprises require integrated platforms that facilitate end-to-end visibility and control. This blog analyzes the leading third party and supplier risk management software currently available to help enterprises mitigate risks and ensure compliance.

Methods of Evaluation

To evaluate the top platforms, factors like functionality, popularity, integration ability and customer reviews have been considered. Popularity is determined based on metrics like backlinks, website traffic and keyword search trends over the last year. Functionality is assessed based on domains covered and configuration options available. Integration capabilities focus on compatibility with other key enterprise systems. Insights are also drawn from leading analyst reports and customer case studies featuring implementation successes and challenges.

1. IBM Security Guardium

IBM Security Guardium is a leading third party and supplier risk management solution. Guardium helps organizations assess, monitor and audit risks across their extended supply chains. The solution provides deep visibility into supplier networks and helps ensure ongoing compliance with industry regulations and standards.

Pros: Key advantages of IBM Security Guardium include:

– Comprehensive supply chain risk assessment questionnaires
– Continuous monitoring of third party networking and systems
– Integration with IBM QRadar for security insights
– Strong certifications including ISO, SOC 2 and others
– Dedicated account teams and professional services

Cons: The main disadvantage is the high total cost of ownership compared to some open source and smaller vendor solutions. However, the premium pricing reflects Guardium’s scale, features and IBM’s expertise.

Pricing: IBM Security Guardium pricing is based on the number of suppliers monitored and data sources integrated. Annual subscription fees start at around $50,000 per year for smaller deployments. Larger enterprises typically pay over $500,000 annually for enterprise-wide coverage of their third party ecosystems.

Some key stats about IBM Security Guardium include:

– Used by over 3000 global organizations
– Assesses risks for suppliers across 150 countries
– Integrates with IBM QRadar SIEM for expanded monitoring capabilities
– Analyzes over 10 million security events from partners per day

2. SAP GRC

SAP GRC is SAP’s flagship solution for integrated risk management, compliance and audit management. As one of the largest enterprise software companies, SAP offers GRC as a suite of applications that can be integrated within their broader ERP and business applications.

Pros: Some key advantages of SAP GRC include: its tight integration within the broader SAP ecosystem, allowing for a unified risk and compliance view; its focus on automating regulatory compliance workflows and monitoring; and its breadth of modules, which provide a single platform for multiple risk and audit functions.

Cons: A potential disadvantage is that as an integrated suite from a large ERP vendor, SAP GRC may be more expensive than some stand-alone or niche risk management solutions.

Pricing: Pricing for SAP GRC depends on the number of users, modules implemented and type of deployment (on-premise or cloud). Annual subscription costs usually range between $150-$400 per user.

Some key stats about SAP GRC include: used by over 6,000 customers worldwide across all industries, integrates with over 30 SAP applications like Financials, Supply Chain and HR, includes modules for controls monitoring, internal audits, policy management and more.

3. Thomson Reuters

Thomson Reuters is expanding its expertise in risk management and compliance with the launch of its new Third Party & Supplier Risk Management software. As a longtime leader in providing intelligence, technology and expertise for critical decisions, Thomson Reuters leverages extensive regulatory change monitoring and powerful data integration to deliver an integrated third-party risk solution.

Pros: Key advantages of the Thomson Reuters Third Party & Supplier Risk Management software include its leading regulatory change management and monitoring functionality, strong data integration capabilities pulling from numerous internal and external sources, and reputation as a trusted provider of risk intelligence and compliance solutions with decades of experience.

Cons: As a new entrant to the dedicated third-party risk management space, the software may not have as many existing customers or implementations as some competitors. Customers will need to implement and configure the necessary data integrations.

Pricing: Pricing is based on the number of third parties being onboarded and monitored, with modular add-ons available for customized regulatory change alerts, adverse media screening, and additional data sources. Thomson Reuters representatives can provide customized quotes based on specific organizational needs and scope.

The software monitors over 45 global jurisdictions for regulatory changes impacting third parties. It integrates data from over 200 sources including sanctions lists, adverse media, and financial databases. The platform currently manages risk for over 500,000 third parties across multiple industries.

4. Wolters Kluwer

Wolters Kluwer provides third party and supplier risk management software as part of their Governance, Risk and Compliance (GRC) suite. Their software helps organizations conduct risk assessments of third parties, monitor ongoing performance, and ensure regulatory compliance on an ongoing basis. The software provides tools to manage the entire third party risk lifecycle from initial assessment through ongoing review and renewal.

Pros: Key advantages of Wolters Kluwer’s third party and supplier risk management software include a focus on regulatory compliance requirements, pre-built templates and assessments for common risk types, and integration within their broader GRC suite for a unified view of risk across the organization.

Cons: A potential disadvantage is that the software may be more full-featured than some organizations need, increasing costs. Customization and implementation services also increase initial costs compared to some simpler, standalone solutions.

Pricing: Pricing for Wolters Kluwer’s third party and supplier risk management software is not publicly disclosed and varies based on the number of third parties, modules implemented, and professional services required for customization and training. Annual software licenses and maintenance fees apply.

Some key stats about Wolters Kluwer’s third party and supplier risk management software include: can manage risks for over 5,000 third parties; templates support over 50 different compliance requirements including GDPR, SOX, and ISO; integrated with other GRC solutions for a holistic risk management approach.

5. OneTrust

OneTrust is a market-leading third party and supplier risk management software. Founded in 2016, OneTrust has quickly become the top choice for enterprises needing a single platform to address their privacy, security and risk needs across the entire third-party ecosystem. With customers in over 100 countries, OneTrust is used by over 10,000 customers to manage their third party risks.

Pros: Some key advantages of OneTrust include:

– Comprehensive platform to address privacy, security and risk across the third party ecosystem
– Automates repetitive tasks like risk assessments and helps ensure consistent third party oversight
– Integrates within existing GRC and other systems to streamline third party management
– Large partner ecosystem to extend capabilities through pre-built connectors and applications

Cons: Potential disadvantages include:

– Higher premium pricing compared to some niche players
– Steeper learning curve for configuring customized workflows and integrations

Pricing: OneTrust offers pricing based on the number of third parties and systems being connected. Example pricing plans include:

– Essentials Plan: Starts at $2K/year for up to 50 third parties managed
– Advantage Plan: Starts at $5K/year for up to 250 third parties managed
– Premier Plan: Custom pricing for enterprise-grade capabilities and support

Some key stats about OneTrust include:

– Manages third party risks for over 10,000 customers globally
– Provides compliance capabilities across 100+ countries and regions
– Integrates with over 75 different systems like ServiceNow, SAP and MetricStream
– Automates workflows for third party due diligence with customized questionnaires

6. RSA Archer

RSA Archer is a leading third party and supplier risk management software developed by RSA. Archer offers a comprehensive GRC platform that allows organizations to gain visibility and manage all elements of risk across the enterprise from a single system. Some key capabilities for third party risk management include risk assessments, document management, contract management, compliance management and continuous monitoring.

Pros: Some key advantages of RSA Archer for third party risk management:

– Integrated platform to manage all risk including third party risk from a single system
– Ability to customize third party modules as per unique business needs and processes
– Automates workflows for risk assessments, document management and ongoing monitoring
– Offers role-based accessibility for third party users to manage their risks
– Facilitates collaboration between internal teams and external third parties

Cons: One potential disadvantage could be the initial setup and customization costs involved in implementing the Archer platform for a new customer’s specific requirements.

Pricing: RSA Archer pricing is customized based on the number of licensed users, number of modules/functionality required and level of customization. It is generally available in annual subscription-based tiers ranging from tens of thousands to millions of dollars depending on organization size and module configuration.

Some key stats about RSA Archer’s third party risk management capabilities:

– Used by over 4000 companies globally including 80% of Fortune 500 companies
– Supports over 17 different risk categories including third party, cyber security and audit risks
– Integrates data from over 150 different systems using APIs
– Offers out of the box and customizable reports and dashboards

7. Qualys

Qualys Container Security allows companies to securely adopt containers through comprehensive vulnerability management and continuous protection of containerized applications. It offers deep visibility into container infrastructure, code integrity and runtime security.

Pros: Some key advantages of Qualys Container Security include:
– Vulnerability management integration that scans containers for vulnerabilities and generates prioritized remediation advice
– Automates assessment workflows and policies to continuously assess risk across container infrastructure
– Provides configurable risk scoring to prioritize the highest risks for remediation

Cons: One potential disadvantage is that the platform requires agents to be installed on container hosts to scan containers, which may introduce some implementation overhead.

Pricing: Qualys Container Security pricing starts at $2,000 per year for the basic Protect plan, which includes scanning of up to 500 Docker containers. The premium Defend and Defend Continuous plans scale pricing based on the number of containers scanned.

Some key stats about Qualys Container Security include:
– Scans over 1 million Docker containers per day
– Supports over 20 container orchestration platforms including Kubernetes, Docker, Amazon ECS and Azure Kubernetes Services
– Supports Linux, Windows and Alpine containers

8. SAP Ariba

SAP Ariba is a leading third party and supplier risk management software developed by SAP. With over 30 years of experience in enterprise applications, SAP provides a robust suite of procurement and spend management solutions including Ariba. Ariba offers comprehensive third party risk, compliance and performance management capabilities integrated with SAP’s broader ERP and GRC products.

Pros: Key advantages of SAP Ariba include:

– Well-established supply chain network integrated with SAP ERP and GRC systems
– Robust supplier risk and performance evaluation capabilities including financial health checks and centralized supply chain monitoring
– Deep integration facilitates end-to-end third-party lifecycle management from onboarding to offboarding

Cons: A potential disadvantage is the large upfront investment and implementation effort required to deploy the full suite of SAP procurement solutions due to their complexity and scale. SAP solutions work best for very large global enterprises with significant existing SAP infrastructure investments.

Pricing: Pricing for SAP Ariba depends on the specific modules deployed and number of users but generally starts at tens of thousands of dollars per year for basic risk and procurement functionality. Integration with other SAP products like ERP systems requires additional licensing costs.

Some key stats about SAP Ariba include:

– Over 5 million suppliers currently integrated on the Ariba Network
– $3 trillion in annual transaction volume facilitated
– Used by over 3500 global enterprise customers including 70% of Fortune 500 companies

9. SafetyCulture

SafetyCulture is a cloud-based third party and supplier risk management software. The platform allows companies to manage all aspects of their third party relationships from onboarding and risk assessments to ongoing monitoring and exception management. SafetyCulture offers a complete solution to help companies gain visibility and control over risks in their extended supply chain.

Pros: Key advantages of SafetyCulture include:
– Cloud based platform allows for easy implementation and access from any device
– Supplier self assessment questionnaires identify risks and compliance gaps upfront
– Real-time control monitoring alerts users to issues or exceptions at third party sites

Cons: One potential disadvantage is that the full capabilities of the platform require an investment in implementation and ongoing subscription fees.

Pricing: SafetyCulture offers flexible pricing plans tailored for organizations of different sizes. Pricing is subscription based starting from $49 per user per month for smaller businesses up to customizable enterprise plans for larger deployments.

Some key stats about SafetyCulture include:
– Used by over 10,000 companies globally to manage third party risks
– Supports 25+ languages and is available globally
– Over 5 million inspections performed on the platform annually

10. SecurityScorecard

SecurityScorecard is a leading third party and supplier risk management software. Founded in 2013, SecurityScorecard automates security ratings for organizations to manage cyber risk exposure across the supply chain. With continuous monitoring of global hacker activity and product vulnerabilities, SecurityScorecard examines over 2 million companies and rates them based on over 1,200 controls across the biggest frameworks.

Pros: Key advantages of SecurityScorecard include:

– Automates cyber risk assessments with continuous monitoring and ratings
– Integrates vulnerability data from multiple sources for a comprehensive view
– Allows organizations to customize profiles and dashboards as needed for their business

Cons: One potential disadvantage is that SecurityScorecard ratings require substantial data from both internal and external vulnerability assessments and systems. Organizations with limited scanning coverage may receive incomplete ratings initially.

Pricing: SecurityScorecard pricing is based on the number of rated entities and integrations needed. Plans range from $5,000 per month for a basic Starter package to custom Enterprise plans for large organizations rating thousands of suppliers globally.

Some key stats about SecurityScorecard include:

– Rates security posture of over 2 million organizations globally
– Integrates data from over 50 vulnerability and attack surface management providers
– Customers include large enterprises in financial services, healthcare, retail and technology

11. Galvanize

Galvanize is a leading third party and supplier risk management software. The Galvanize platform provides organizations with comprehensive governance, risk management and compliance (GRC) capabilities to assess and monitor risks across their third party ecosystem. Through continuous monitoring and AI/ML-driven assessments, Galvanize helps organizations proactively identify and address risks in their third party relationships.

Pros: Some key advantages of the Galvanize platform include:

– Comprehensive GRC platform covering multiple risk domains like information security, business continuity, financial stability etc.
– Continuous monitoring and control assessment capabilities to proactively identify and react to risk issues
– Leverages AI/ML to analyze vast amounts of public and private data sources to gain deeper insights into third party risks

Cons: One potential disadvantage is that the upfront implementation and configuration of the Galvanize platform requires significant effort and resources from the customer organization.

Pricing: Galvanize pricing is typically quoted based on the implementation scope and number of third parties/suppliers to be onboarded and monitored. Plans generally start at $5,000/month for smaller deployments.

Some key stats about the Galvanize platform include:

– Over 1000 customers globally across industries like financial services, healthcare, retail and more
– Assesses over 50,000 suppliers and third parties annually
– Continuously monitors over 500 different risks and compliance requirements

12. MasterControl

MasterControl provides third party and supplier risk management software to help companies assess and manage risks from external partners and vendors. Their software leverages artificial intelligence and automation to streamline risk assessments, audits, corrective actions and more. With comprehensive modules for quality management, compliance and more, MasterControl aims to be a one-stop-shop for enterprise quality and risk management needs.

Pros: Some key advantages of MasterControl’s third party risk management software include:

– Automated risk assessment workflows to identify and address issues faster
– Configurable templates and forms tailored for different partner types
– Integration with other quality systems for a unified view of risks
– Role-based access controls and electronic signatures for compliance
– Advanced analytics and reporting on risk levels and mitigation efforts

Cons: One potential disadvantage is that MasterControl’s software is more suited for large enterprises with extensive quality and regulatory needs versus smaller companies. The platform requires dedicated implementation and may have a steeper learning curve compared to some point solutions.

Pricing: Pricing for MasterControl’s software is not publicly listed and varies based on the number of users, modules, services and customization required. Prospective customers would need to request a custom quote from one of their sales representatives.

Some key stats about MasterControl include:

– Over 300 employees worldwide
– Used by over 1000 companies globally
– 15+ years of experience in quality and regulatory software
– Support for 21 CFR Part 11, EU Annex 11 and other global compliance regulations

13. MetricStream

MetricStream is one of the leading and most widely used third party and supplier risk management software platforms. Founded in 2002, MetricStream has over 2,000 global customers across various industries. The company is headquartered in San Mateo, California and has offices across the US, EMEA and APAC regions.

Pros: Some key advantages of MetricStream include:

– Widely used in large enterprises globally for its mature and robust GRC platform
– Mature and feature rich platform for third party risk management needs
– Strong integration capabilities with other enterprise systems like ERP, CRM etc.
– Continuous innovation and addition of new features and capabilities

Cons: One potential disadvantage could be the pricing as MetricStream targets large enterprise customers with sophisticated GRC needs. The pricing may be higher compared to some other options for small and medium businesses.

Pricing: MetricStream pricing is typically available only via enterprise sales teams. Pricing is based on various factors like number of users, modules, customizations etc. It is aimed at large enterprises with sophisticated third party risk and compliance needs with budgets to match.

Some key stats about MetricStream include:

– Over 2,000 global enterprise customers including 50% of Fortune 500 companies
– Supports 17 different languages
– Assessment of over 1 million third parties annually
– Integrations available with over 40 enterprise systems

14. Ivalua

Ivalua is a leading provider of cloud-based third party and supplier risk management software. Founded in 2000, Ivalua helps organizations manage procurement, spend analytics, contracts, supplier information and performance. With over 300 customers in 40 countries, Ivalua aims to provide a single platform to manage the entire source-to-pay process and third party risk.

Pros: Some of the key advantages of Ivalua’s third party and supplier risk management software include:
– Specialized modules for supplier evaluation, performance management and monitoring
– Comprehensive risk assessment criteria and triggers
– Integration with other Ivalua procurement modules for a holistic source-to-pay solution
– Flexible deployment either on-premise or in the cloud

Cons: One potential disadvantage is that Ivalua targets larger enterprise customers, so the software and pricing may not be suitable for smaller organizations with fewer suppliers and spend under management.

Pricing: Ivalua pricing is based on annual contract value, number of users, and desired functional modules. Specific pricing is available upon request from an Ivalua sales representative.

Some key stats about Ivalua include:
– Over 20 years of experience in procurement technology
– Used by over 300 enterprise customers worldwide
– Integrations with over 25 ERP/finance systems like SAP, Oracle and IFS
– Manages over $500B in annual supplier spend

15. Riskonnect

Riskonnect is a leading third party and supplier risk management software. Founded in 2002, Riskonnect helps organizations manage risks, ensure compliance, and improve performance across their global supply chain and extended enterprise. The company’s flagship software platform is the industry’s most comprehensive risk management solution and provides a single point of truth for analyzing and monitoring risks holistically.

Pros: Some key advantages of Riskonnect include:

– Comprehensive end-to-end risk management solution
– Strong cybersecurity risk assessment capabilities
– Automated compliance reporting and dashboard
– Continuous monitoring and alerts on risk changes

Cons: One potential disadvantage is that the platform requires significant configuration and setup, which involves time and cost at implementation. However, once configured, it provides significant ongoing efficiencies.

Pricing: Riskonnect offers flexible pricing models including annual subscription licenses and perpetual licenses. Pricing is typically based on number of users, modules, and additional services required. For an exact quote, requests can be submitted on their website.

Some key stats about Riskonnect include:

– Over 4,000 customers globally across industries like financial services, healthcare, manufacturing, and more
– Largest global risk management network with over 4 million assessed third party entities
– Used in over 180 countries
– 20+ years of experience in risk management software

Conclusion

Managing third party and supplier related risks requires a holistic approach supported by the right software. The platforms analyzed in this blog aim to deliver the required functionality while ensuring flexibility. With growing regulatory focus on supply chain security and data privacy, investment in such integrated platforms will continue growing. Continuous product enhancements will also be critical to address the evolving risk landscape. Proactive evaluation and selection can help enterprises derive maximum value in meeting compliance needs and strengthening relationships.
