Aravo Helps Organizations Protect Data from Third-Party Risk

Pre-configured information security application leverages Shared Assessments’ SIG Lite and Core assessments to create a flexible solution for managing information security risks arising from third-party relationships.

(San Francisco) November 12, 2019 – Aravo Solutions, a leading provider of SaaS solutions for third-party risk and performance management, today announced the release of Aravo for Information Security. This pre-configured application for mitigating privacy, cyber security, and other risks in third-party ecosystems accelerates the deployment of a best-practice information security program.

“Organizations have been using Aravo to manage information security risk as part of their third-party risk management program for some time,” notes Aravo CTO Eric Hensley. “Aravo for Information Security distills that experience, reducing the need for internal resources and time-to-market with pre-configured capabilities specific to best-practice infosec programs, including leveraging the industry-standard SIG Core and Lite assessments.”

Built on best practices from the Shared Assessments community, the SIG (Standard Information Gathering) assessment is used to collect data to determine how third-party service providers manage security risks across 18 risk control domains in their environments. With Aravo for Information Security, organizations can have granular control of the risk control domains and even specific questions in the SIG Lite or Core that they send to service providers – or they can use a custom combination of questions from both – with just simple configuration changes.

“We commend Aravo for joining the Shared Assessments community and leveraging the collective intelligence of hundreds of members through adoption of the SIG in their platform. They are bringing third-party risk best practices and standardization to their customers through this product integration,” said Catherine A. Allen, CEO, The Santa Fe Group.

Said French Caldwell, Founder and Chief of Research at FCInsight, “Aravo for Information Security offers a simple solution for the CISO and IT security team based on the Shared Assessments SIG. A nice feature for third parties that already have a completed SIG is that they can just upload it to the Aravo IS questionnaire and it will automatically populate — so no mind-numbing clicking on yes and no questions.”

According to Forrester Research, third parties were the cause of 21% of confirmed breaches in 2018, up from 17% in 2017.* A single cyber security breach can cost millions of dollars in fines, reputational damage, and shareholder value.

Aravo for Information Security can scale to include complex scoping and conditional logic as well as infosec-specific automated workflows, reports, and dashboards. It can be used independently to focus specifically on cyber risk or as part of a broader Aravo third-party risk management solution that spans multiple risk domains, allowing organizations to quickly view portfolio risk scorecards for both specific risk domains like infosec and overall inherent risk.

Learn more about Aravo for Information Security and request a demo.

*The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018

About Aravo

Aravo delivers market-leading solutions for understanding, managing, and mitigating the risks posed by third-party vendors and their engagements. Using Aravo, customers maintain a single, auditable inventory of all third-party relationships and can automate risk assessments, scoring, due diligence, continuous monitoring, issue management, and corrective actions.

Built on technology designed for usability, agility, and scale, Aravo supports complex custom-configured solutions used by many of the world’s largest global brands as well as pre-configured applications that allow clients to stand up a best-practice program quickly and confidently.

Aravo’s combination of award-winning technology and unrivalled domain expertise is trusted by the world’s leading brands, helping them manage the risk and improve the performance of more than 5 million third parties, suppliers and vendors across the globe.

About Shared Assessments

The Shared Assessments Program has been setting the standard in third party risk assessments since 2005. Shared Assessments, the trusted source in third party risk assurance, is a member-driven, industry-standard body with tools and best practices. Program members from across organizations and industries work together to build and disseminate best practices, building resources that give all third party risk managers a more efficient way to conduct security, privacy and business resiliency control assessments.