How Beachbody Improves Its TPRM Program Health with Mitratech

Beachbody is a multi-platform health and wellness company that offers exercise programs, supplements, and nutrition guidance to end users. They pair a wide variety of expert-led workouts and positive-mindset master classes with comprehensive nutrition guides, calendars, and supplements, each proven to deliver results. The Beachbody community is composed of world-renowned trainers, top nutritionists and scientists, thousands of customers-turned-support coaches, and over 2 million customers – all providing the necessary motivation and accountability for success.

The Challenge

At Beachbody, the security and legal teams work very closely together. The security team is responsible for the third-party risk management program, which is led by Sam Cortez, Director of Security Governance and Compliance. Sam conducts a security review of every new vendor before legal reviews the contract terms. This timely review helps him determine how risky it could be to do business with the vendor before legal goes through the work of negotiating contract terms.

Sam previously ran this process using SmartSheetTM and a condensed version of the Shared Assessments Standard Information Gathering (SIG) questionnaire. Sam had used the SIG as a base to create a survey more relevant to Beachbody. Based on the answers in the assessment, the SmartSheets form that Sam created would then provide a risk score for the vendor. Beachbody could then address the identified risks.

“When our CISO recognized how manual the process of assessing vendors was, he recommended a service to help us to save time on the work of sending out vendor assessments and reviewing them for risks,” Sam said. Sam and the Beachbody team sought a solution that could evolve their TPRM program from the manual process they’d developed into one that could scale more effectively.

The Solution

Beachbody selected the Mitratech TPRM Platform, including Vendor Threat Monitor for continuous risk monitoring and the Vendor Intelligence Network for pre-filled assessments. Sam said that the Mitratech Platform is tightly integrated into their process. “I use Mitratech to not only gather monitoring data and review questionnaire responses, but also to take notes about each vendor that we work with. When the vendor contract comes up for renewal, I can review my notes and work with them to address any outstanding issues,” Sam said.

Sam uses these notes, which can include emails converted to PDFs and other documentation, to validate previous assessments and then expand to evaluate any net-new services they might be adding. Sam signs off on any vendor that Beachbody works with, so these notes are crucial to provide insight to other members of the security team, especially if one of their vendors gets breached.

Sam also uses Mitratech as a central repository for third-party risk management intelligence. He connects Mitratech’s Vendor Threat Monitor solution with other intelligence tools and uses the Mitratech dashboard as directional guidance for where he may need to investigate further. Mitratech is the central platform in the Beachbody third-party risk program.

Results & Looking Ahead

Beachbody has saved a lot of time in their TPRM program with Mitratech. Sam’s previously manual process was very time-intensive, and with Mitratech, he can now assess new vendors faster and conduct due diligence during renewals more efficiently.

Mitratech’s solution ensures that Sam can continue to assess vendors efficiently even with limited resources. To further drive benefits from Mitratech, Sam aims to spend more time with the platform’s reporting features and integrate them into his reporting for board-level consumption.