Information Technology Services (ITS) has earned the UC Tech Silver Design Award for its efforts to advance UCLA’s third-party risk management (TPRM). Ernesto Carrasco, Mike Quirk, Anna Santa Cruz, Rohith Thakkallapally and Harold Shin conducted a comprehensive analysis of the risks arising from relationships with third-party providers. Using ServiceNow, the team has transformed a complex process into a simple, repeatable solution, enabling UCLA to proactively manage vendor risk.
The TPRM program supports the UCLA campus and its more than 85,000 students, faculty and staff. With an organization this size, delays in onboarding vendors impact curriculum delivery, IT security for students, faculty and staff, and overall support. In 2021, the Office of the Chief Information Security Officer tasked the governance risk and compliance team with automating the TPRM process within ServiceNow and moving away from the manual process that was in place.
The Campus Governance Risk & Compliance (GRC) and ServiceNow teams collaborated to automate the process. In doing so, they created a centrally managed TPRM process in one tool and eliminated Excel spreadsheets and manual processes. In TPRM version 2, the number of questions was reduced by two-thirds compared to the previous version. In addition, all TPRM partners, such as IT security, accessibility, data privacy and purchasing, can simultaneously work on requests. Not only has the TPRM process become more efficient, it has also improved the experience for end users.