The Open Vendor Risk Management Standard for Financial Services

Open VRM

A Vendor Risk Management (VRM) Platform for Vendors and their Clients to Solve Multiple VRM Challenges in Harmony

Free for Vendors

Answer one questionnaire, upload your evidence documents, and share them with your clients.

Centralized VRM

Reduce time and resources on questionnaires and meet cyber regulatory requirements.

Free for Clients

Simply select your vendors, request access to their profile, manage risk level, and voilà!

the trickle-down effect

The need for a standard in vendor risk management

As cybersecurity regulatory requirements and security risks increased, vendors are now highlighted as a critical third-party extension for private data management.
When regulations tightened for Financial Services firms, they also tightened for vendors as they must adhere to the same compliance standards as their clients.

VENDORS

SUPPLIERS

THIRD-PARTIES

CONTRACTORS

SERVICE PROVIDERS

J. Gaston Siri

CEO

“OpenVRM is pushing us towards better compliance, thank you.”

The Challenge

Vendors and Clients find themselves in a never-ending spending spiral. Clients struggle to send requests to vendors that struggle to manage them. The result is incomplete, or outdated, due diligence resulting in non-compliance.

Vendors & Clients

The Never-Ending Spending

Annual Re-Certification Costs

All Vendors, and some Clients, pay for certifications like SOC 3, SOC 2 Type 1, SOC 2 Type 2, SIG Lite, SIG Core, etc.

Annual Security Assessment Costs

Vendors and Clients pay for penetration testing and vulnerability scans of networks, applications, cloud, etc.

Annual Due Diligence Costs

Clients contact Vendors who sometimes must answer each Client individually. This unnecessary effort results in incomplete or outdated VRM.

Multiple VRM System Costs

Clients pay for a VRM system while Vendors often pay for multiple, depending on their Clients' requests.

Vendors spend over 15,000 hours per year answering security assessments and companies spend $2.1 million annually, on average, vetting these answers.

The Solution

A unique and free platform to allow Vendors and their Clients to better communicate and manage the due diligence process of vendor risk management.

The Power of Open VRM

Compliance-Driven Way to Identify & Manage Supplier Risks

Home Offices, Agencies, Branches & Advisors

Easily manage vendor cyber risk

Invite Third-Party Vendors to a secure platform where you can easily manage them all, gain vendor visibility and oversight and reduce third-party risk.

Vendors, Suppliers, Third-Parties & Contractors​

Save time on client requests

Collaborate, manage and share your vendor cyber package with multiple clients in one location so they can access it upon your approval.

Features

Benefits

How Open VRM Works

Simple Steps to Ease Vendor Risk Management

Vendors

Clients

Luis Quiroz

Co-Founder & CTO

“We save resources by leveraging Open VRM to share our Due Diligence documents with Clients.”

About

Open VRM

Open VRM (Vendor Risk Management) offers the Financial Services industry a new standard for vendor due diligence management. Unlike traditional VRM software, Open VRM provides vendors with a free, open environment to populate, manage and share a pre-vetted security questionnaire and compliance evidence documents in one private location. Clients of vendors access the Vendor Directory with confidence to request access to Vendor due diligence information. Created by Buckler with oversight from an Advisory Board that includes cybersecurity compliance experts, Open VRM drives faster collaboration between vendors and clients in an ever-growing cyber regulatory world.

Open VMR Advisory Board

Volunteering for a better VRM World

John Cooney

Attorney

LEGAL COUNSEL

Brian Edelman

CEO
FCI-Logo-100x100-1

Vincent Guyaux

Chairman

Stephen Simons

CEO

An Innovative Fremium Model

Open VRM is Freemium offering from Buckler, a unique Cyber Program Management System for the Financial Services Industry.

Compliance Service Add-Ons

vCISOs

Open VRM partners with strong, industry-knowledgable vCISOs to support their vendor management inititatives.

Eliminate Never-Ending Spending & Optimize Vendor Risk Management Process