Project Description

Dolby Laboratories Uses Onspring to Enhance Third-Party Vendor and Risk Management and Automate Business Processes

A TPRM Case Study

Dolby Logo

OVERVIEW

Dolby Laboratories (sometimes shortened to Dolby Labs or Dolby) was founded in London by Ray Dolby in 1965. In the decades since, it has become the leading provider of audio noise reduction, audio encoding/compression, spatial audio, and HDR imaging. Just as Dolby is committed to innovating audiovisual technologies, the company is constantly seeking ways to make its business operations more efficient. It turned to Onspring to enhance third-party vendor management and risk processes.

Profile

Company:
Dolby Laboratories

Industry:
Audiovisual Technology

Reach:
Commercial and consumer customers across the globe

Solutions:
Third-party / Vendor Risk
Onspring GRC Suite

For privacy reasons Vimeo needs your permission to be loaded.
I Accept

Challenge

Previously, Dolby’s governance, risk, and compliance (GRC) team tried to manage its processes manually. As their small, three-person staff has to oversee multiple initiatives and workflows, this proved to be challenging.

“Before Onspring, we didn’t have a GRC tool to help manage our security policies, our controls, and our processes,” said Stephanie Vuong, cybersecurity analyst at Dolby. “Everything was manual, and we didn’t have a solution that fit Dolby’s operational model.”

Dolby had tried to implement several different applications to assist with third-party vendor management and risk assessment, but these were underutilized because they were difficult to use and inflexible.

“Doing manual work was painful for us because it took up a lot of the team’s time to implement processes,” Vuong said. “The previous solutions we had were more product centric rather than user centric, so we had to build workflows how the vendor envisioned them, not in the way we wanted to.”

A new focus on the effectiveness of cybersecurity processes and a desire to automate manual tasks to increase productivity led to Dolby recognizing the need for a dedicated GRC platform.

“Our team knew that we needed a better solution when there was increased scrutiny on our risk and vendor management process,” Vuong said. “It was exposing us to potential data loss and regulatory issues, and we also had limited resources. We needed an affordable solution that we could scale and customize easily to address the changing risk landscape.”

Solution

Dolby did its due diligence when evaluating potential GRC tools that could be used for third-party risk assessment and had a clear vision in mind for the right application and vendor.

“The main thing we were looking for when searching for a new solution was ease of use from an end user standpoint,” Vuong said. “We needed to customize it to what we wanted to do, be self-sufficient, and not have to rely on consultants. But if we did need help, we wanted a company that was very customer centric and invested into our success.”

Another decision point was how long it would take to deploy the GRC platform. Some tools require complex development by an experienced in-house IT team or expensive consulting services, but the no-code development offered by Onspring enables clients to customize features to their unique processes, design new workflows, and develop specific apps.

“We decided to go with Onspring because of the speed to market,” Vuong said. “Anything that we wanted to build and achieve, we could get done in less than 30 days. That was a really big selling point because we had control over what we wanted to do with the platform.”

Vuong had already interned at Dolby, and when the company brought her on full time, she was tasked with administering the Onspring implementation. The company’s responsive tech support was a key factor in making the deployment successful.

“Another thing I love about Onspring is the customer success and services team,” she said. “Because I was so new to the platform, I had a ton of questions and sent a lot of support tickets. No matter how silly I thought the question was, they were so supportive and helped me until I got to where I wanted to be.”

Such responsive support helped Vuong get up and running with Onspring in a timely manner and get her comfortable with customizing the system to the unique needs of Dolby’s GRC team. “We’ve implemented our third-party risk management in Onspring and it has been a little bit over a year since we’ve had that process in motion company wide,” Vuong said. “We also just launched a security, privacy, and compliance checklist in an Onspring app that will help satisfy our software development lifecycle.”

Results

Expediting Third-Party Vendor Management and Risk Assessment

The initial use case for deploying Onspring at Dolby was vendor risk management. This used to be a cumbersome, time-consuming process.

“Our vendor security analyst utilized Excel sheets, email threads, and Word documents to track all her vendor engagements,” Vuong said. “That took up most of her time – hours on end. If she lost anything, she would have to go through all her emails and documents to find whatever she was looking for.”

Once Vuong applied Onspring’s third-party risk management module to this workflow, the vendor security analyst’s job became much more straightforward.

“Now that we’ve implemented Onspring, it’s as easy as her going in, clicking the dashboard, and seeing what she needs to do,” Vuong said. “She has gotten a lot of her time back, is able to concentrate on other aspects of her work, and vendor engagement now isn’t her only focus.”

Progressing from manual processes and moving away from the previous tools that failed to meet Dolby’s needs is changing how the GRC team operates.

“A huge advantage we discovered after using Onspring regularly is the automation aspect. It gave us back time because we were able to automate all the notifications, follow-ups, and whatever we need to track in the platform. Onspring fit our operational model and we’re able to build what we envisioned and bring it to life. We’ve seen such huge success and time efficiencies by automating many aspects of our work.”

Stephanie Vuong Dolby

Stephanie Vuong
IT Security and Compliance Analyst
Dolby Laboratories

One of the main reasons that Dolby selected Onspring was ease of use. While the system has plenty of out-of-the-box features, it also empowers users to take full ownership and tailor functionality to their unique documentation and reporting preferences.

“My favorite feature in Onspring is documentation generation,” Vuong said. “I like how you can customize any sort of template for your document or report. All you have to do is implement the fields and then it looks as you’d like it to. It would only take a week for a new team member to navigate Onspring, build reports and dashboards, and create basic records and apps.”

Dolby’s GRC team intends to expand Onspring to its risk register and other core functions. When asked why she feels Onspring is a good fit for a company’s GRC and business process automation needs, Vuong said: “If there’s any sort of manual work that you’re currently doing, Onspring is going to be your answer. It doesn’t have to be GRC related as the possibilities with Onspring are endless. You can input any workflow or process and automate that, and it’ll make your life so much easier.”

Schedule a demo

Opportunity is knocking

See what Onspring can do for your third-party risk management.
Schedule a demo

Explore more insights