Findings: Automating Vendor Risk & Compliance Management

Follow Findings on :

Kobi Freedman, CEO and Co-Founder
Strategic vendor partnerships are crucial for organizations to achieve all their business objectives. However, increasingly complex vendor networks make it difficult for organizations to conduct comprehensive vendor due diligence and monitoring. They struggle to understand vendor relationships, manage contractual and compliance obligations, mitigate vendor risk, and avoid compliance penalties, damages, and costly investigations. Moreover, vendor risk assessment and management is still a painstaking manual process, which opens up room for human error and even negligence - as well as being a one-off process due to cost which minimizes continuous tracking of risk reduction. Thus, it is essential for businesses to streamline this manually-driven, labor-intensive process to save time and cost while avoiding regulatory red flags.

Enter Findings.

“The regulatory landscape is becoming complex and stringent with every passing day. To operate efficiently and remain compliant, it has become essential for organizations to accurately understand whether their vendors are abiding by the rules or not. We help clients - both enterprises and vendors - streamline that process,” Kobi Freedman, CEO, and Co-Founder, Findings

Findings has built its proprietary platform to help both enterprises and vendors. By using this platform, enterprises, for example, can automate vendor security programs, continuously monitor long-tail exposure, and manage on-boarding, event-driven and continuous risk, among other tasks. For vendors, the platform equips them with the capability to showcase their security posture to customers,automate assessment and RFP response, and meet customer requirements. More importantly, the company allows clients to customize everything in line with their own business requirements and manage their contractual and evidence requirements. This is important because the cyber-threat landscape differs from one industry to the other, and every business has its own metrics for vendor risk programs. Leveraging the power of AI and NLP, Findings creates a machine-to-machine risk monitoring ecosystem and reduces the amount of friction when organizations are trying to connect with each other. This helps businesses to have their own terminology regarding risk assessment while having the ability to connect and answer all the questions. In this way, Findings is a significant business enabler for all stakeholders in the process.

The Findings platform also automates the control verification process for clients. Traditionally, members from IT teams had to personally check the vendor site to inspect the control maturity status or evidence accuracy - a very inefficient and expensive process. As opposed to this, Findings can integrate into various vendor infrastructure, such as the vendors’ cloud and endpoint in order to have a continuous posture monitoring process. This is significant because it is transforming the industry from subjective and static compliance reporting to objective and ongoing compliance monitoring.

Our solution offers a centralized platform to contextualize risk.We are continuously working to enhance the efficacy of the platform and make it data rich tosolve complex business problems

This is significant because it is transforming the industry from subjective and static compliance reporting to objective and ongoing compliance monitoring.

“You don’t need to just answer questions anymore. We are getting the verified answers from various sources by ourselves. So both buyers and vendors can connect faster and have more reliability and transparency in their continuous relationship,” says Kobi Freedman, CEO of Findings.

Freedman elaborates that cybersecurity is just one side of the coin. In today’s world, there is growing importance of ESG (Environmental, Social, and Governance) considerations and regulations in the engagement between supply chain stakeholders. Following the ESG guidelines in a proactive way has lately become critical for businesses owing to the presence of several regulations. They need to ensure that all the vendors are following all the requirements by conducting comprehensive background checks, due-diligence and continuous monitoring. The Findings platform streamlines this task as well by providing clients with all their vendor data.

Honing such capabilities, Findings has attracted a legion of clients. For example, a global defense contractor deployed the platform to align with the DoD CMMC requirement. Findings enabled them to cover thousands of vendors within four months and identify thousands of issues. “Given the timeframe that the client had, it was impossible for them to manually conduct vendor risk assessment. We automated the entire process and this enabled the client to quickly reach their goal,” Freedman adds.

Having such examples of client success, Findings is pioneering a promising future. The company has partnered with Trustwave—one of the largest managed security services providers. Also, is collaborating with NASDAQ to expand the reach of the platform to the entire NASDAQ community. “Our solution offers a centralized platform for risk analysis and contextualization risk. We are continuously working to enhance the efficacy of the platform and make it data rich to solve complex business problems,” Freedman concludes.


New York, NY

Kobi Freedman, CEO and Co-Founder

Findings is driven by the mission and vision to create a world in which any company can take part in any supply chain without worrying about security or privacy regulation concerns