Cubic Corporation Navigates Vendor Risk Management with OneTrust GRCDownload PDF
Cubic Corporation Navigates Vendor Risk Management with OneTrust GRC
Cubic Corporation (NYSE: CUB) is a technology-driven, market-leading San Diego-based public enterprise providing innovative technologies and an integrated approach to systems and services for government and commercial customers around the globe. Cubic Corporation is the parent company of three major business divisions: Cubic Transportation Systems (CTS), Cubic Mission Solutions (CMS), and Cubic Global Defense (CGD). This integrated business structure ensures customers receive streamlined operations and strategy, as well as cost-efficiency and speed to market.
“Doing the right thing” is one of Cubic’s core values and the mantra that guides their business ethics. The company lives out this value by adhering to all applicable global laws and policies, and only working with vendors that follow Cubic’s written code of business conduct or a similar set of principles. This code describes Cubic’s expectations for the vendors, suppliers, resellers, contractors, agents, representatives, and partners with whom they do business.
The Road to “Doing the Right Thing” Starts with Technology
In order to develop and deliver on their technology offerings and services, Cubic and its third-party vendors must process personal information and payment card data as part of their fare collection and revenue management solutions. Consequently, it is expected that all stakeholders follow relevant best practices and industry standards to protect the confidentiality, integrity, and accessibility of this information through appropriate physical and cyber security procedures.
“Upholding these best practices and managing regulatory compliance becomes increasingly complex when managing third-party relationships using spreadsheets and email communications. The lack of transparency and the time-consuming nature of manual data collection and reviews with third parties is why we began our search for a technology solution.Konrad FellmannVice President and Chief Information Security Officer
All Lanes Lead to OneTrust GRC
Cubic came across OneTrust GRC at a CISO conference in California where OneTrust gave a presentation on vendor risk management best practices.
“As OneTrust spoke, I realized how easy it would be to streamline Cubic’s program with a centralized tool that supports assessment automation and a consistent method of vetting, all while providing pre-completed assessments for some of the more recognizable third parties. When the OneTrust team actually sat down with me and reviewed the Vendor Risk Management tool, I realized it is extremely affordable for the value it provides us, and that we can’t beat its effectiveness and capabilities with another tool.Konrad FellmannVice President and Chief Information Security Officer
Moving Full Speed Ahead with Additional OneTrust GRC Solutions
“Cubic’s original OneTrust use case was to support vendor risk management practices, but when we demoed the platform to our quality team, it opened up additional opportunities for the business around distributing internal quality assessments. Now I can create a custom quality assessment template in the platform and send it across all relevant stakeholders throughout the organization. The platform provides us a central place to collect this information while also helping us improve efficiencies in other areas of the business.Konrad FellmannVice President and Chief Information Security Officer
Looking ahead, Cubic plans to replace their legacy GRC solution with OneTrust GRC. The business has to conduct audits against internal controls to ensure compliance, an imperative goal for the global organization. By leveraging OneTrust GRC’s simple workflows and easy-to-use interface, Cubic can automate more of the time-consuming assessment and risk mitigation processes.
Combatting GRC Complexity: A Blueprint for Mapping Common Control Frameworks
Identifying a CMMC Auditor, 3 Things to Know About RPO vs. C3PAO
OneTrust Recognized in the
2020 Gartner Magic Quadrant for IT Risk Management*
Building the Future of Risk Management | OneTrust GRC See What's Next