Close Widget

SureCloud®, a supplier of Cloud-based IT Governance, Risk and Compliance (GRC) solutions, today announced that Shop Direct Group has selected the SureCloud Platform™ to help automate its third party assurance programme. Shop Direct expects the move to help it more easily manage its extensive partner network as well as lead to clearer insight into the overall efficacy of its partners security compliance measures.


The UK’s leading online and home shopping retailer depends on a network of 800 third party partners who provide a wide range of services from logistics to call centres and from finance to manufacturing.  For Shop Direct, ensuring its partner organisations have adequate security measures in place to protect their customers’ personal data is paramount. Yet the existing systems for assessing third party risk were manual and not as efficient as they could be.  The compliance team emailed spreadsheet-based questionnaires to stakeholders in each organisation and the resulting data had to be collated manually and could not be analysed easily.  Not only was the whole process cumbersome, it tied up valuable auditor time with administration and mundane tasks, but there was no easy way to compare the relative risk levels of data security in relation to its partners.


Shop Direct was convinced there must be a better way to audit its supply chain and turned to SureCloud for help.  By transferring key GRC processes and providing centralised risk-based reporting via its Software-as-a-Service (SaaS) platform SureCloud has helped Shop Direct develop a new centrally-managed and more automated vendor risk management programme. The questionnaire has been re-designed to avoid ambiguity and repetition, and it is now possible to devolve responsibility for providing answers to the right individuals. Additionally, because their responses are captured centrally, Shop Direct is able to track the compliance status of every partner in real-time via a dashboard that allows relative risk profiles to be compared at a glance.


“When we saw how quickly and easily the SureCloud platform could transform our partner assurance programme, we knew that it was exactly what we needed,” commented Mike Marshall, Head of Group Security at Shop Direct Group. “Greater efficiencies and significant time savings have already been achieved without major change or breaking the bank.”


“We are delighted that Shop Direct has recognised the centralisation and automation strengths of the SureCloud platform as an ideal way for it to introduce greater efficiency and clarity into its vendor risk management processes,” said Richard Hibbert, CEO, SureCloud.  “We look forward to continue working closely with Shop Direct as it expands the use of SureCloud to include all of its partners over the coming months.


About Shop Direct Group

Shop Direct Group is the UK’s leading online and home shopping retailer, with annual sales of around £1.7 billion through brands such as, Littlewoods, Isme, Kay&Co  and Offering over 800 brands, including leading fashion labels and own brands, Shop Direct delivers more than 25 million parcels each year to more than five million active customers. For more information visit 


About SureCloud

SureCloud helps to automate any IT Governance, Risk and Compliance (GRC) process, such as Compliance Audits, Policy Management, Risk Assessments or Third Party Assurance programmes. The SureCloud Platform™ supports an agile approach to implementation and per user pricing, dramatically reducing the total cost of ownership. Established in 2006, SureCloud is a British company based in Reading, Berks, with more than 300 customers throughout the UK from the Retail, Financial Services and Government sectors, including a large number of local authorities. For more information visit www.

You can download the full case study at the bottom of the page. 


Shop Direct Case Study

application 210.17 KB

How can we help?