For Ubicquia, vendor assessments that used to take two weeks now take an hour

Vendor management was the most visible pressure point for Ubicquia. When a new vendor came in, the process looked like this: an email to find the right contact, a spreadsheet questionnaire tailored to that vendor's service type, a wait for it to come back, then a manual review of everything that came in. Multiply that across a queue of 15 to 20 vendors running simultaneously. One vendor assessment could take two weeks. And while that vendor was being assessed, others were stacking up behind it, waiting their turn.

‍

The rest of the program ran the same way. Risk items that belonged on the register sometimes weren't there. Evidence for audits had to be pulled from scattered folders across SharePoint. JIRA tickets, email threads, Word documents; nothing was connected. "We were always kind of being in reactive mode all the time," Ody says. Something due would come up, and the team would scramble.

‍

What made the timing especially bad: the team was already in the middle of preparing for a series of audits when they realized their existing tool (a more complex platform that wasn't right-sized for their team) wasn't going to get them there.

‍

What Ubicquia needed wasn't more features but simplicity. One place where the work could actually get done without layers of complexity standing between the team and the functionality.

Ubicquia chose Complyance during that audit crunch, and within a week, the vendor assessment workflow was live. Not configured, not partially set up, live and running.

‍

"It was just a question of going in, pushing out questionnaires, and making sure that there wasn't that clog in the workflow as far as the GRC team was concerned."

‍

The implementation experience mattered as much as the platform itself. The Complyance team didn't hand over a knowledge base and leave. They were in it alongside the team with bi-weekly sessions during the fast start phase, then weekly check-ins to optimize whatever had gone live.

‍

"Every step of the way, the Complyance support team has been on us. There was no time where it was like, 'This is how we do it, follow step one through three.' They were right there."

‍

Vendor assessments now run through the platform end to end. Questionnaires go out, responses come in, and the AI vendor review agent does the initial pass: flagging issues that need immediate attention, identifying where a follow-up question is needed, surfacing requests for additional evidence. The team doesn't start from zero on every review. They start from a structured analysis that tells them where to focus.

‍

"It is amazing because it is so well configured to pull out any issues that need our immediate attention," Ody says. "If we need to send back a clarifying question to the vendor, we can do it on the spot."

‍

The two-week vendor assessment is now one hour. That's not a round number, Ody Njoku, (GRC Manager) is specific about it. From gathering the vendor's information to completing the assessment, the average is one hour flat.

‍

The risk program looks different too. Before Complyance, risk was fragmented: vendor risk lived separately from enterprise risk, items fell off the register, and the team was perpetually catching up. Now there are dashboards. Executive-level views of the risk register. Board reporting that shows what the risk landscape actually looks like rather than requiring someone to narrate it.

‍

The shift from reactive to proactive is the one Ody returns to most. The team recently completed a top-down risk assessment, pulling all moving parts into the platform, identifying risks they hadn't been closely tracking, and prioritizing what needed to be addressed now versus later.