TGI Fridays have 84 restaurants in the UK. Therefore, their network of suppliers, employees, and guests are extensive. With details in excess of 5,000 active employees in the UK and 34,000 employee records, along with data on guests making bookings, using the company’s loyalty app, and making payments by credit or debit cards, etc., its records span in excess of 2 million data subjects.
At the start of 2017, TGI Fridays UK decided to update its vendor risk management processes. This was based on a manual, spreadsheet-based system which involved sending spreadsheets to individual suppliers for vendors to complete and then TGI Fridays UK had to collate the results. As this involved over 20 suppliers who have access to TGI Fridays UK networks or data, the process was cumbersome and time-intensive. The chain wanted a vendor risk management solution that would help to accelerate and automate the process.
Having used SureCloud’s Platform for their Cybersecurity needs, TGI Fridays UK decided to evaluate the SureCloud Third Party Risk Management GRC solution.
Using the Third Party Risk Management GRC solution, TGI Fridays UK has put together an updated third-party risk management process, which its current and future suppliers must pass as part of the company’s rigorous oversight of its supply chain: “Essentially before we appoint a new supplier they must complete a third-party risk assessment as part of our due diligence. This helps us assess whether they have good IT cyber security policies in place, ensure they follow industry best practice security processes and if they are ISO27001 compliant, and so on,” said Jeremy Dunderdale, Head of Business Solutions at TGI Fridays.
The third party risk management GRC solution facilitates assessments and aggregates the data from TGI Fridays’ suppliers making it easier to grade suppliers and their risks without having to extract the data from multiple different spreadsheets, accelerating the vendor risk assessment process.