Estelle Joly-Foillard, CyberVadis: By using the CyberVadis solution, our customers can assess and monitor their cybersecurity risk on their whole supply chain
May 2019 by Marc Jacob
CyberVadis was developed by EcoVadis, the global leader in CSR ratings. The company has developed a solution to evaluate the maturity of suppliers in terms of cybersecurity management on an unlimited scale. Estelle Joly-Foillard, CyberVadis’ VP Strategy & Operations, believes that by using the company’s end-to-end solution, its customers have clear and well-defined visibility of cybersecurity risk across their entire supply chain.
GSM: Can you introduce your company? (creation, group, trades ...)
CyberVadis was launched in 2016 by EcoVadis, the world leader in non-financial ratings of suppliers. EcoVadis now employs 700 people worldwide. EcoVadis’ customers include more than 350 industry leaders such as Johnson & Johnson, L’Oréal, Nestlé and Michelin who have evaluated more than 55,000 companies in 120 countries using EcoVadis.
In order to meet needs expressed by our customers, EcoVadis has developed an offer exclusively dedicated to supporting large corporates in the evaluation of the cybersecurity management of their suppliers, CyberVadis.
GSM: What is your flagship product or service for 2019?
CyberVadis enables clients to evaluate the maturity of an unlimited number of suppliers in terms of cybersecurity management.
Our assessment methodology is based on major international standards and regulations (NIST, ISO, PCI-DSS, GDPR, etc.). Our detailed assessments scorecards are based on analysis carried out by our in-house consultants who rate evidence provided by supplier companies on each security control they claim to have implemented.
CyberVadis takes care of the entire process, from engaging and supporting suppliers directly during the assessment, through to conducting the analysis itself and the eventual publication of the in-depth results along with a collaborative improvement plan. Companies are re-assessed on a yearly basis.
CyberVadis’ offer includes a multilingual SaaS platform serving as an interface between key accounts and their suppliers. Our support team speak 10 languages and are available online and over the phone Monday to Friday. Its this team’s job to ensure a high rate of supplier participation globally.
In short, CyberVadis offers a relevant, proven and objective model that will cover all at-risk suppliers whilst significantly reducing the cost of evaluating them.
GSM: Which customer segments are you referring to?
All companies with a large number of local or international suppliers need to be considering how well they cover third party cyber risks, especially if they handle personal or sensitive data on their behalf, or if they have IT connections with third parties. In a large number of cases, these third parties are critical to the company’s main activity.
Moreover, GDPR requires companies that share personal data with subcontractors to ensure that these third parties provide sufficient guarantees relating to the implementation of security and confidentiality measures insisted upon by the regulation.
GSM: What are the strengths of your offer?
1- An efficient and highly scalable approach CyberVadis customers identify the suppliers to be assessed, track their progress and visualise the assessment results directly on the platform, all within a matter of weeks.
2- A credible evidence-based methodology based on expert insight CyberVadis assessments rely heavily on evidence-provided rather than declarations made by suppliers, we address the gap between the two and give our customers the clearest picture possible. Supporting the methodology is our team of experienced international security experts (most of them have auditing and consulting backgrounds) experts are recruited internationally and have previous experience in cybersecurity audit and consulting. This combination ensures insightful, objective and highly reliable assessments at the end of the process.
3- A collaborative and international approach CyberVadis benefits from the 12 years of experience and the proven model of EcoVadis and have applied this to cybersecurity. Crucially, that relates to engaging suppliers, a multi-faceted platform and a strong global presence.
Fundamentally, we aim to share value with the companies we have evaluated and helping them to leverage relationships with key accounts to encourage them to drive the cybersecurity improvement, in everyone’s interest.
4- An innovative financial model allowing a controlled cost CyberVadis enables key accounts to evaluate an unlimited number of suppliers, in-depth and at a fixed cost. This is largely down to our well-established supplier-funded assessment model, where companies pay for their own assessment, access to the shared platform and the chance to universally share their evaluation with other customers. This helps suppliers to cut out redundant work relating to non-standardised cybersecurity audit requests.
GSM: How do you accompany your customers?
CyberVadis provides each client with a dedicated customer success team who facilitate the deployment of the initiative with both Purchasing and Information Security teams.
A support team is also made available to suppliers to guide them through the process and assist them in the evaluation and analysis of their performance results.
GSM: How is your sales network organized? CyberVadis has a dedicated international sales team but we also work closely with EcoVadis’ sales teams as well.
GSM: How is your technical support organized in France and in Europe?
In addition to multilingual customer and supplier support services, the CyberVadis platform includes interactive walkthroughs at every step as well as online guides for frequently asked questions. We also offer live chat on the platform and run webinars for suppliers and key accounts alike.
GSM: To conclude, what would your message be to our readers?
Cybersecurity incidents in recent years have shown that small suppliers represent an increasingly high-impact risk to their customers. Unfortunately, for operational and financial reasons, most companies can only afford to focus their efforts on larger, strategic suppliers with no attention being paid to these smaller third parties.
By using CyberVadis’ end-to-end solution, our customers have a clear, objective view of cybersecurity risk for all of their at-risk suppliers, mitigating the challenges they face relating to volume, time and costs.