Use for: supplier cybersecurity ratings

Founded in 2011, BitSight provides cybersecurity ratings and is a key player in an emerging market that is quickly growing. BitSight Security Ratings are calculated on a scale of 250-900 with a higher rating indicating better security performance. All data collected by BitSight is "externally observable," meaning from data on Compromised Systems, Diligence, User Behavior and Public Disclosures. BitSight Security Ratings for Vendor Risk Management instantly quantifies the level of cyber risk that any supplier presents and when changes occur, BitSight sends an immediate alert. BitSight Enterprise Analytics, the most recent solution, helps companies gain insight into the impact of risk introduced at the organizational group level – from subsidiaries to business units and departments – enabling them to identify the areas of highest risk concentration within their organizations. 

Use for: supplier risk monitoring

Bureau van Dijk (BvD) is a global business intelligence provider known for its quality private international company information and detailed ownership data. BvD's company and risk data is powered by Orbis and information on Orbis comes from over 160 partners. Catalyst is a supplier risk platform that combines a company’s supplier data and BvD’s company and risk data to provide a complete view of current and potential suppliers. You can create your own dashboard for a customized view of your portfolio, suppliers, and priorities. Examples of dashboard elements you can view include changes in supplier risk indicator, spend distribution, changes in supplier solvency, portfolio risk, category spend analysis, and market news. 

Use for: supplier financial/credit risk

Founded in 1977, CreditRiskMonitor offers commercial credit reports for companies worldwide. The reports feature annual and quarterly financial analysis, financial statements, peer analysis, company background information, Moody's ratings and analysis, and Standard & Poor's ratings. Reports also include trade payment data, and public filing information for public and larger private U.S. companies. Customized Portfolios can be set up for monitoring purposes. CreditRiskMonitor’s proprietary Frisk Score (a stress index) combines information from a range of sources (including the ones listed above) to predict the likelihood of financial instability and even bankruptcy. The new PAYCE score provides an accurate measure of financial stress when no financial statements are available for private companies. It utilizes payment and U.S. federal tax lien data from CreditRiskMonitor’s extensive database, analyzed with sophisticated deep neural network modeling technology, to deliver a 70% accurate score on approximately 80,000 private companies.

Use for: supplier due diligence, third party risk management and regulatory compliance

Dow Jones Risk and Compliance provides research tools and services for on-boarding, vetting, and mitigating third party risk. Two key offerings of their suite of compliance solutions are RiskReports, which identify legal, regulatory and reputational issues using open source research, and Dow Jones Factiva to help accurately assess risk levels; and RiskCenter, which centralizes case management. Factiva is a global news database of nearly 33,000 premium sources. Its origins start with Dow Jones News/Retrieval, an early pioneer in providing online access to business news information. 

Use for: supplier risk management

D&B has historically been a main source that researchers look to for private company information. D&B's Supply Management solutions include D&B Compass, D&B Spend Intelligences, D&B Supplier Risk Manager, and Human Trafficking Risk Index. The D&B Supplier Risk Manager solution allows you to certify, monitor, and analyze suppliers. A subscription to this service provides access to risk ratings, including the Supplier Evaluation Risk (SER) rating, which uses predictive analytics to assess the likelihood that a company will cease operations within the next 12 months. D&B Compass is Dun & Bradstreet's new third-party risk management solution that is powered by Artificial Intelligence and allows for comprehensive due diligence and monitoring of all levels of customer, supplier, and third-party relationships. D&B Compass is different from D&B Supplier Risk Manager (SRM) in that (according to communications with a D&B solutions provider) "the Compass solution is a custom tailored solution designed to your companies workflow and risk management of their vendors/suppliers...SRM is like an out of the box solution/platform that is available and user ready."

Use for: supplier sustainability ratings, monitoring

Founded in 2007, EcoVadis operates a collaborative platform that provides Supplier Sustainability Ratings for global supply chains. The EcoVadis solution combines the ratings platform with a portfolio of scorecard and monitoring tools that include:

  • CSR scorecard – for companies to monitor environmental, ethical, and social practices of suppliers and business partners across 150 purchasing categories and 110 countries. It shows CSR performance of each supplier on 21 CSR indicators grouped in 4 themes (Environment, Labor/Social, Fair business/Ethics, and Supply Chain) rated from 1 to 100

  • The Benchmark tool – allows you to compare one supplier to others within the same purchasing category or within the same country. 

  • Strengths and Improvements Area – provides more details and insights into the 4 theme scores.

  • Corrective Action Plan – collaborative tool helps with developing effective dialogue between buyers and suppliers.

  • Category Profile – offers practical insight into the key sustainability issues which are applicable to the supplier industry of operation

In 2019, EcoVadis announced its new Sustainability Intelligence Suite, an expanded toolkit that includes predictive risk mapping, performance signals and audit management.

​​Use for: supply chain sustainability (CSR) and compliance monitoring

IntegrityNext provides companies with information on the sustainability and regulatory compliance of their supply chain using supplier self-assessments and social media monitoring. From a regulatory perspective, IntegrityNext covers global regulations, and their pre-built questionnaires help suppliers assess their standing on bribery, corruption, environmental protection, human rights and labor, health and safety, supply chain responsibility, blacklist and sanctions, trading partner security, information security and conflict minerals.

Use for: identifcation of potential supplier risks and disruptions

ISM, partnering with the Ethisphere, offers the Supplier Risk Index, which helps in identifying potential supply disruptions including disasters, ethics, compliance and sustainability issues  The Index is a series of survey questions made up of three indices: 1) Risk Index, 2) Ethics Index, and 3) Sustainability Index. Selected suppliers answer a series of questions. Based on the answers a dashboard report is provided that indicates your supplier's risk potential in terms of employment, ethics, compliance, and sustainability practices compared to other similar organizations.

Use for: comprehensive supplier diligence, monitoring

Lexis Diligence is a core solution and searching it allows you to thoroughly investigate a current or potential supplier for any type of risk and/or financial health. One of the most powerful resources is the global news archive. LexisNexis has always been strong in providing deep and comprehensive access to international, national, and regional news and trade publications and magazines. Other important types of data that you tap into include sanctions and watchlists, international and national company information, country risk information, legal history and ongoing litigation, public records, and biographies. Smartwatch has been replaced by LexisNexis Entity Insight, a real-time proactive risk media monitoring solution that leverages Lexis' wide range of news sources and market intelligence not available on the open Web. Entity Insight was designed for procurement, supply chain and compliance professionals and uses the PESTLE analysis framework (Political, Economic Socio-cultural, Technological, Legal and Environmental). 

Local Business Newspapers and Journals

Use for: supplier research provided by business journalists who closely follow the local markets and companies

Local business publications are invaluable for searching hard to find information on suppliers and local markets. This is due to the business journalists who closely follow and report on business events and the impact they have on the local community. In addition to articles, you will find special sections that identify the "top" lists of businesses spanning all industries based on revenue or total billings. One of the premier publishers of local business publications is American City Business Journals. Their newspapers are in 40 markets across the U.S. Regardless of who publishes them, every major city or region has a local business publication. Subscription-based.

Use for: third party risk management, compliance, and aggregated business information on suppliers

Opus, formed in 2013, is a compliance and risk management provider. Its highly rated third-party risk management solution, Hiperos 3PM, provides a consolidated view of third parties throughout the relationship lifecycle, from planning to onboarding to ongoing monitoring through termination. In 2014, Opus acquired Alacra and added Anti-Money Laundering, Know Your Customer/Vendor and entity data management capabilities to its platform. The Alacra business information online store helps you find rating agency credit research, earnings call transcripts, D&B and Experian reports and market research from dozens of publishers where you pay for only what you what you need.

Use for: private supplier diligence/financials

PrivCo is used specifically for researching major privately held U.S. companies and is a welcome addition to the private company information provider landscape. Here, you can find private company financials and revenues; mergers and acquisition deals; firm valuations; venture capital fundings; private equity deals; private and family ownership breakdowns; bankruptcies; restructurings; and competitors. Subscription-based.

Use for: private and public supplier financial health

RapidRatings’ quantitative Financial Health Ratings (FHR) offers financial health analysis for both national and international public and private companies and is unique in that it rates public and privately held companies globally on the same basis. RapidRatings’ innovative model was created in 1991 and implemented in 1998-2001. The FHR indicates current supplier financial health and forecasts probabilities of default as well. There are a variety of reports offered, including individual company and portfolio risk reports that provide both analytics and commentary. In 2019, RapidRatings released HealthMark, a new product that delivers instant access to financial viability risk analysis for private companies, and the FHR Network, which allows clients and their suppliers, third parties, and vendors to share their financial health rating confidentially and securely.

Use for: ESG (environmental, social and governance) intelligence and monitoring

RepRisk provides ESG (environmental, social and governance) risk data for due diligence, research, and monitoring. Products of interest include the RepRisk ESG Risk Platform and RepRisk Supplier Monitoring Brief. The ESG Risk Platform is the flagship offering and serves as the foundation for all their products and services, with a research scope covering 28 ESG issues. RepRisk Supplier Monitoring Briefs allow you to systematically screen large supplier bases and identify suppliers who are most exposed to ESG risks. You can customize the briefs to include suppliers of choice, the frequency of delivery, and the ESG criteria. Delivered in PDF format, the Supplier Brief is generated to include the latest data from the ESG Risk Platform. 

Use for: supply chain subtier visibiltiy and monitoring

Resilinc enables supply chain visibility by creating supplier multi-tier intelligence and mapping it. The strength of this solution is that it visually maps the interrelationships between the multi-tiers in your supply chain and identifies potential choke points or failure points in the subtiers. EventWatch monitors 40 different risk events in 50 languages and collects impact confirmations in real time from tens of thousands of users during an event. RiskShield proactively quantifies, identifies, and mitigates risk at the supplier, site, sub-tier, product, and part-levels. Resilinc has created The Risk Game, which is an interactive workshop for supply chain practitioners or students to collaborate and earn how to manage risk.

Use for: mutitier supply chain risk monitoring/identitification, impact analysis, and mitigation

riskmethods offers a cloud-based supply chain and supplier risk solution where it identifies multi-tiers (not just the first tier) of supplier production and transportation sites and monitors all types of risk found in the supply chain including supplier, country, and location site. For information capture, different types of sources are integrated, including their own risk research, internal systems, and third party information providers. On a continuous basis, through screening, news events are captured and ultimately transferred into threat risk data for the relevant risk objects of the supply chains. This data is represented visually via an interactive world map that models the supply chains. Three solutions are offered: 1) risk radar identifies threats, 2) impact analyzer assesses impact, and 3) action planner mitigates risks. 

Use for: supplier ethical assessments

Sedex (Supplier Ethical Data Exchange), is a nonprofit membership-based organization dedicated to driving improvements in responsible and ethical business practices in global supply chains. Sedex is a collaborative platform that shares supply chain data for the purpose of analyzing ethical assessments, action plans and corrective actions, and to track progress over time. For buyers, a variety of reporting tools enables you to keep track of your suppliers’ performance. Sedex Analytics, their new supply chain reporting tool, provides the core functionality of Data Monitor, their previous reporting tool, with a faster, easier-to-use interactive tool, giving buyers a quick, visual representation of suppliers around the world. 

Use for: supplier integrity due diligence, supplier risk management and monitoring

The Red Flag Group is a business advisory, information services, and software technology firm that helps corporations manage integrity and compliance of third parties. They are known for their high quality due diligence reports and partner with LexisNexis to provide outsourced due-diligence investigations. The company launched in Hong Kong in 2007 and has offices in the US, China, Central America, the Middle East and Europe. It offers solutions to manage integrity and compliance risks in supply chains that include conducting reviews, audit and investigations, identifying potential supplier risks for prospective and existing suppliers​, and monitoring active suppliers. 

Use for: current and historical public company/supplier operations and financial information

Look at SEC filings for current and historical company, and other filings, for publicly traded companies (e.g., 10-Ks, 10-Qs, 8-Ks) through its Electronic Data Gathering, Analysis and Retrieval System (EDGAR). At the EDGAR Company search page, type in a company name. You can filter results by filing type and date. Note that there is a CIK (central index key) lookup tool (under "Search Tools"), which is handy to use of you are having trouble searching by company name. 

Use for: open access corporate misconduct tracking

Violation Tracker is a wide-ranging database on U.S. corporate misconduct. It covers banking, consumer protection, false claims, environmental, wage & hour, health, safety, employment discrimination, price-fixing, bribery and other cases resolved by more than 40 federal regulatory agencies and all parts of the Justice Department since 2000 -- plus state AG cases and selected class action lawsuits. 

Please reload