In the last few months there has been interesting activity among risk intelligence providers. Still trending are launches and partnerships that focus on sustainability. A few note that their offerings are in anticipation of the EU’s new CSDDD (Corporate Sustainability Due Diligence Directive). In addition, threat intelligence providers are launching cyber risk solutions that focus on suppliers and third parties. Here are announcement highlights, with brief statements on significance.
September 2024
EcoVadis Acquires Ulula – EcoVadis announced the acquisition of Ulula, a human rights technology and analytics company that provides an on-the-ground engagement feedback platform. Ulula, which means “reveal” in Chichewa, a Southern African dialect, was founded in 2015 “after years of engaging with communities and workers in the agriculture, mining and energy industries in 70 countries from the Niger River Delta, to the highlands of Peru.” A consolidated Ulula and EcoVadis platform will allow companies to identify human and labor rights risks across supply chains directly through workers and the communities. This is being developed in anticipation of upcoming new regulations, such as the CSDDD (Corporate Sustainability Due Diligence Directive), which requires “all EU and non-EU companies with over 450 million euros of turnover in Europe to implement grievance mechanisms for their supply chain by 2029.” Significance: This partnership provides a resource that both addresses upcoming new regulatory requirements and can identify labor and human rights risks more accurately by going directly to the source. EcoVadis partners with significant Source-to-Pay providers, such as Coupa, SAP, Jaggaer, Zycus, Ivalua, and GEP, in addition to sourcing and other third party data risk providers in the procurement space (direct from websites).
August 2024
SecurityScorecard and G2 – Software marketplace provider, G2, is partnering with SecurityScorecard. This partnership allows for “SecurityScorecard cybersecurity ratings to be featured directly in G2 product profiles…B2B software buyers will be provided with a simple A-F letter grade measuring a vendor’s security posture.” Significance: G2 is a marketplace for software buyers and is one of the most comprehensive and current offerings that provides reviews directly from actual users. The ability to compare products across a span of features helps in determining company/technology positioning. The addition of SecurityScorecard boosts the authoritativeness of the site and provides a critical element for reviewing software.
Farmers Business Network (FBN) and ADM – These companies created a new company, also named Gradable, to expand the Gradable technology platform. The Gradable platform was introduced in 2020 and provides grain buyers with farm-level data to easily identify and purchase grain, helping them meet customers’ growing demand for products that are sustainably produced. Before the joint venture, Gradable was a business unit of FBN. Significance: “Most co-ops, ethanol plants, grain merchants, and feed yards are trying to modernize their operations with a complicated patchwork of specialized service providers…The Gradable platform…[provides] a single-stop, integrated solution for grain aggregators” (Digital Commerce 360).
July 2024
Supplyframe’s Electronics Product Carbon Footprint (PCF) – This new resource provides global manufacturers instant access to product carbon footprint for more than 300 million electronic parts. According to Supplyframe’s CEO: “Until now, engineers designing new products and procurement teams tasked with obtaining components for those products have had no way to evaluate the CO2 emissions of a new design or purchasing decision…This capability gives them specific product carbon footprint details to meet regulatory reporting requirements.” Significance: As observed by Supplyframe, this represents another launch where “new European Union regulations and evolving U.S. rules are forcing manufacturers to identify how to quantify and report their supply chain emissions.”
LexisNexis Launches Nexis+ AI – LexisNexis Legal & Professional commercially launched Nexis+ AI. Nexis, the company and financial information side of LexisNexis, utilizes “a huge repository of licensed news publications and corporate data on millions of companies…Nexis+ AI uses new AI tools to leverage this expansive content library and enables searchers to generate, extract, and summarize company news and financial data for faster insight.” Significance: The LexisNexis content library is indeed a powerhouse, and searching for information in such a large body of content is challenging. Fortunately, LexisNexis’s search capabilities have always been top notch. It is only natural that an AI-forward product was developed, especially as it follows on the heels of the Lexis+ AI (legal content/citation linkage) launch in October 2023.
Sedex Announces Three New Product Releases – The three new products are SMETA 7.0, Environment Self-Assessment Questionnaire (ESAQ), and Service Provider Self-Assessment Questionnaire (SAQ). The SMETA audit methodology has been updated and allows for identification of harder-to-detect issues at supply chain worksites, “such as clearer compliance paths for better adherence to sustainability standards.” The ESAQ focuses on key environmental metrics, “such as water consumption, greenhouse gas emissions and waste management.” The SAQ addresses unique risks specific to sectors such as logistics, security, and waste management. Significance: An early trailblazer in the supply chain sustainability space, Sedex, founded in 2004, provides users the ability to exchange supply chain data with each other. New releases allow for more granular detection of supply chain compliance issues.
June 2024
RepRisk Announces New Diligence Scores – RepRisk has launched Due Diligence Scores. “The ESG scores assess specific risk factors such as biodiversity and human rights on a 0 (low risk) to 100 (high risk) scale. Clients can select from a range of ready-to-use packages or customize their own set from 200+ individual scores to align with their specific risk priorities. The scores comprise individual ESG pillars (environmental, social, or governance), frameworks, and regulations such as SDG, SASB, SFDR, the German Supply Chain Act and Modern Slavery acts, and specific issues, ranging from human rights and biodiversity to climate and greenwashing.” Significance: RepRisk, a true pioneer in the risk transparency space, also cites the need for data “to comply with expanding regulatory requirements, most recently EU’s Corporate Sustainability Due Diligence Directive (CSDDD).”
Threat Intelligence Providers Launch Cyber Risk Solutions that Focus on Suppliers and Third Parties
Blackwired – In September, Blackwired launched ThirdWatch, which identifies direct threats facing organizations and their third parties. “ThirdWatch is a subject-directed monitoring platform that provides a comprehensive 360-degree view in 3D of existential threats that impact organizations and the associated cyber risks posed by their vendors, partners, suppliers, networks, and digital assets.”
BlueVoyant – In July, BlueVoyant launched its new Cyber Defense Platform, which allows companies to “better manage and respond to risks from suppliers, vendors, and other third parties.” The launch “comes at a critical time when organizations face increasing threats not only from internal networks but also from supply chain vendors, digital fraudsters, and the dark web.”
KELA – In June, KELA launched its Third-Party Risk Management (TPRM) module that fully integrates into its threat intelligence platform. The new TPRM module is “specifically designed to strengthen organizational defenses by focusing on software supply chain risks.”
Significance: These events highlight trend movements in the threat intelligence and supplier risk spaces.