I was recently asked about the story of ThirdPartyTrust and it was shocking to realize how an entrepreneurship idea turned into a huge network of organizations and vendors modernizing the way third-party risk assessments are done. I hope you enjoy this story as much as I enjoyed being a part of it.
The story of ThirdPartyTrust, as told by its Founder and CEO
Some 10 years ago I found myself on the receiving end of gigantic spreadsheets with security questions every week. I was working at a rapidly-growing firm and I would constantly get these questionnaires ranging anywhere from 40 to 400 questions around our security policies and procedures. So I set out to fix the problem with third-party risk assessments for both enterprises and their vendors. And that’s how ThirdPartyTrust was born.
Every new questionnaire meant that my week was shot, because we had to respond to the same set of questions and share the same security documents again. If only there was a way to automate this process and avoid the email back & forth…
Fast forward to today, there is: Beacon by ThirdPartyTrust is the centralized security profile for vendors to store, update and share all their insurances, certifications, scans and attestations with the click of a button. Enterprise by ThirdPartyTrust is the workflow automation platform for organizations conducting security assessments and third-party risk monitoring.
Back to the story. I quickly realized that all these different requests from our customers had a tremendous amount of overlap in what they were looking for. They all wanted to make sure that we were safeguarding their data and handling it the right way, and that they weren't exposing their company to a potential data breach.
But there was so much redundancy in that process, and it was so manual. As a vendor, I could experience that pain point of answering the same questions over and over again.
At the time I went to my customers and asked them: “How many of these spreadsheets do you send per year?” And I was shocked that they were sending those to maybe 3, 4, 5 hundred different vendors yearly.
This wasn’t a pain point just for me. Customers were struggling with getting this done, and third-parties were tired of doing repetitive efforts.
The tools available in the market were big, heavy GRC tools that didn't do an excellent job of scaling this process or automating much of it at all.
So I started doing more and more research around this problem and I realized that:
- It was a massive market
- It was a global issue
- It was early enough to step in
It was mostly banks, financial and insurance organizations, but soon there would be a need in more industries.
It wasn't just the big Fortune 100 companies struggling with this. It went down to much, much smaller companies. I’d always wanted to start my own business and the idea of ThirdPartyTrust just seemed like the perfect opportunity.
The challenges of starting a business
Most early-stage companies will face the challenges of funding, development, and making the first sales. Fortunately I was able to shift and work throughout all those phases. I had to learn how to sell. I had to be a better developer. I had to recruit. I had to do all these different things.
Up until pretty recently, I wore 15 hats on any given day. I would sit with a developer looking at code, then immediately back to back into a demo for a sales meeting, then switching off to go-to-market strategy or anything else.
I think over time, we just never stopped. It's been six years now. Every day, the team and I are working on just evolving the ThirdPartyTrust platform. It's different from yesterday, it's very different from how it was a year ago, and it's almost miles apart from what it was two years ago or so.
I never pivoted the core idea of what ThirdPartyTrust is. I knew there was a better way to conduct third-party risk assessments and due diligence to ensure that a vendor is safeguarding their customer information correctly according to their standards. It just had to be done.
A look at our path and the story of ThirdPartyTrust
Apart from having a good and down-to-earth idea, we built some great partnerships and integrations that have elevated our value proposition. We are really building a one-stop shop for enterprises and third-parties to assess, monitor and mitigate third-party risks.
Our core offering is around third-party risk management automation, questionnaire & lifecycle management. We have the big cyber rating providers all integrated, like BitSight, RiskRecon and SecurityScorecard. We also have scores on financial vendor viability by Argos Risk, geopolitical risk by Supply Wisdom, credential exposure by SpyCloud, privacy by Osano, and a managed services offering by BlueVoyant.
There’s also a long-standing relationship with our resellers and managed services partners, GuidePoint and Optiv, who have been true allies in the story of ThirdPartyTrust.
When I think about why this is working so well I realize that we’ve created almost like a single pane of glass around the use case of third-party risk management. We are truly changing the way things are done and shifting the focus to the power of the network, by allowing enterprises and third-parties to interact and exchange information in the same platform.
It’s been quite a journey! And I want to thank everyone who’s made it possible - friends, family, colleagues, partners, board members, customers, and my ever-growing team at ThirdPartyTrust.