How National Savings and Investments Secures Its Supply Chain for the Future

National Savings and Investments (NS&I) is one of the largest savings organizations in the UK with 25 million customers and more than £179 billion invested. Because of its unique status as both a retail savings organization and an arms-length government body, NS&I must meet public sector and financial services third-party risk management requirements aimed at protecting customer data.

Prevalent helped NS&I by simplifying and automating the process for managing suppliers and assessing their third parties, which resulted in significant time savings and a solid return on investment.

The Challenge: Manual Supplier Assessments

NS&I works with up to 250 suppliers in a normal year requiring everything from initial onboarding assessments to more than a third requiring annual statements of security assurance. The annual assurance process previously involved assessing suppliers against data, information and physical security requirements using a set of custom questions for suppliers to answer.

Complicating NS&I’s third-party risk management process was a bi-annual SYSC 8 internal audit that requires a layer of controls to ensure that outsourced partners are compliant with systems to protect customer data based on the regime that regulated financial institutions must have in place.

As a result, the manual, back-and-forth, labor-intensive process to assess their suppliers could not be sustained.

The Solution: The Prevalent Third-Party Risk Management Platform

NS&I was looking for a way to automate their third-party risk management process, making it less resource-intensive and more secure for vendors to submit their answers and evidence. To achieve this, NS&I turned to Prevalent.

Prevalent takes the pain out of third-party risk management (TPRM). Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties. Our customers benefit from a flexible, hybrid approach to TPRM, where they not only gain solutions tailored to their needs, but also realize a rapid return on investment.

NS&I leverages the Prevalent Third-Party Risk Management Platform to:

• Automate the process of designing, sending, tracking and analyzing supplier questionnaires. Pre-configured chasing reminders make it easy to stay on top of supplier status.
• Centralize supplier answers and evidence, providing a single, secure audit trail accessible to the supplier and NS&I team.
• Simplify reporting against SYSC 8 requirements, centralizing the analysis of key control data.

Through their usage of the Prevalent Platform, NS&I is able to enforce accountability with suppliers, offering a much simpler and more user-friendly process for completing security assurance questionnaires and compliance reporting. This increased engagement with suppliers has also resulted in a smoother annual renewal process. As well, NS&I has extended the Prevalent Platform to their outsourced partner for their subcontractors, benefiting from a level of integration that ensures that everyone is using the same solution to monitor compliance.

The Results: Faster Assessments and Improved Productivity

By using the Prevalent Platform, NS&I has reduced the person-hours required to perform third-party risk assessments by at least 33%. The procurement team has improved their productivity dramatically, enabling them to determine which vendor needs to be assessed, communicate with the manager responsible for the account, and send out the survey in about a day.

Because of the time savings gained by using the Prevalent Platform, NS&I can accurately assess their suppliers, achieve their compliance requirements, and offer a simpler process for greater supplier engagement.

Next Steps

Interested in hearing how we’ve helped other organizations? Discover more Prevalent success stories in our customers and case studies section. Want to discuss whether Prevalent may be a fit for you? Request a demo today!