Managing third-party risk during onboarding doesn’t stop after an initial risk assessment. Ensuring that contracting aligns and supports risk mitigation and controls is an essential, and often disconnected, piece of the third-party management lifecycle.
To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad to create an end-to-end capability for automating procurement and risk management processes.
What is Ironclad?
Ironclad is a digital contracting platform to manage the entire end-to-end lifecycle of your business contracts. Your procurement team can build and deploy contract workflows, gather data from contracts with AI in real-time, and loop in sales, legal, and business teams to activate complex approvals.
How does the Ironclad and OneTrust partnership work?
Ironclad and OneTrust can deliver risk-informed digital contracting so businesses can monitor risks in real-time through the contract lifecycle. The joint solution will help businesses:
- Understand risk before engaging with vendors: Deliver risk-based contracting that allows businesses to evaluate risk prior to engaging with third-party vendors
- Enhance GRC with automated risk controls: Control approvals, trigger-automated actions and activate preferred fallbacks to guide contract review
- Create more secure contracts: Create flexible contracts that adapt to the changes in a business’s risk tolerance to proactively monitor vendors that pose potential threats
Combining the companies’ efforts in this space enables:
- A source of truth for contracts and risk
- Legal, procurement, and InfoSec/security buyers to have cross-visibility
- Purpose-built platform for managing contractual review and compliance and identifying vendor risk to inform contract review
Seamlessly integrating procurement with third-party risk management
Procurement needs to be the front line when it comes to third-party management because it knows the business best. There’s a level of due diligence needed between sourcing each activity, which is an integrated function of procurement.
Beyond that initial contracting and onboarding phase, businesses need to monitor contracts associated with that supplier or third party across the entire lifecycle of their engagement with the third party.
Contracts being sourced through the procurement phase can and should be used as an ability to hedge business risks. Third-party risk assessments and contracts are often carried out in silos, and as a result, residual risks are accepted or rejected, while nothing is noted in other tracking systems. Finally, “loose” contracts are created and missed opportunities abound.
The challenge becomes a series of disconnected systems. With the Ironclad and OneTrust partnership, we can begin to automate and create efficiencies within this process.
“We can connect in the other systems that we need in order to work with other parties to have a single lens for risk managers to look through,” said Jason Sabourin, Director of Product Management at OneTrust. “If we’re doing third-party risk assessments in OneTrust, or we’re doing contract lifecycle management in a CLM tool like Ironclad, or we’re doing procurement in a procurement tool, we can potentially bring those data points in for the risk manager so they don’t have to worry about looking in other systems to understand if there’s risk present, or if they’re just looking for information about the third party, like where it’s being hosted or how much we’ve spent with them in the past.”
Contract lifecycle management and third-party risk management can be visualized as two gears that spin in the proper direction when correctly intertwined.
