Cubic Corporation Navigates Vendor Risk Management with OneTrust GRC

Cubic Corporation (NYSE: CUB) is a technology-driven, market-leading San Diego-based public enterprise providing innovative technologies and an integrated approach to systems and services for government and commercial customers around the globe. Cubic Corporation is the parent company of three major business divisions: Cubic Transportation Systems (CTS), Cubic Mission Solutions (CMS), and Cubic Global Defense (CGD). This integrated business structure ensures customers receive streamlined operations and strategy, as well as cost-efficiency and speed to market.

“Doing the right thing” is one of Cubic’s core values and the mantra that guides their business ethics. The company lives out this value by adhering to all applicable global laws and policies, and only working with vendors that follow Cubic’s written code of business conduct or a similar set of principles. This code describes Cubic’s expectations for the vendors, suppliers, resellers, contractors, agents, representatives, and partners with whom they do business.

The Road to “Doing the Right Thing” Starts with Technology

In order to develop and deliver on their technology offerings and services, Cubic and its third-party vendors must process personal information and payment card data as part of their fare collection and revenue management solutions. Consequently, it is expected that all stakeholders follow relevant best practices and industry standards to protect the confidentiality, integrity, and accessibility of this information through appropriate physical and cyber security procedures.

Upholding these best practices and managing regulatory compliance becomes increasingly complex when managing third-party relationships using spreadsheets and email communications. The lack of transparency and the time-consuming nature of manual data collection and reviews with third parties is why we began our search for a technology solution.
Konrad Fellmann
Vice President and Chief Information Security Officer

All Lanes Lead to OneTrust GRC

Cubic came across OneTrust GRC at a CISO conference in California where OneTrust gave a presentation on vendor risk management best practices.

As OneTrust spoke, I realized how easy it would be to streamline Cubic’s program with a centralized tool that supports assessment automation and a consistent method of vetting, all while providing pre-completed assessments for some of the more recognizable third parties. When the OneTrust team actually sat down with me and reviewed the Vendor Risk Management tool, I realized it is extremely affordable for the value it provides us, and that we can’t beat its effectiveness and capabilities with another tool.
Konrad Fellmann
Vice President and Chief Information Security Officer

Moving Full Speed Ahead with Additional OneTrust GRC Solutions

Cubic’s original OneTrust use case was to support vendor risk management practices, but when we demoed the platform to our quality team, it opened up additional opportunities for the business around distributing internal quality assessments. Now I can create a custom quality assessment template in the platform and send it across all relevant stakeholders throughout the organization. The platform provides us a central place to collect this information while also helping us improve efficiencies in other areas of the business.
Konrad Fellmann
Vice President and Chief Information Security Officer

Looking ahead, Cubic plans to replace their legacy GRC solution with OneTrust GRC. The business has to conduct audits against internal controls to ensure compliance, an imperative goal for the global organization. By leveraging OneTrust GRC’s simple workflows and easy-to-use interface, Cubic can automate more of the time-consuming assessment and risk mitigation processes.