Third Party Supplier Management with Panorays

A Third Party Supplier Management (TPSM) Program is a solution to oversee, assess, and provide ongoing management of vendors in one place. Most organizations don’t have the bandwidth, the breadth of knowledge, or the tools to perform one-time and continuous assessments on their suppliers. Yet, it’s increasingly important to ensure you’re covering all your bases, as data breaches attributed to third-party security are increasing. Vendors require vetting, expert staff, and consistent, ongoing monitoring.

HALOCK has partnered with Panorays to offer licensing, initiation, and operation of Panorays for your business. If an organization utilizes HALOCK’s Risk Management Program (RMP), hours can be deducted from the organization’s existing retainer, and Panorays will be implemented in conjunction with the RMP.

What is Panorays?

Panorays is an automated, scalable, fully regulatory compliant solution that serves as a centralized portal for assessing security posture, continuous monitoring, security questionnaires, security evidence storage, and remediation tracking. Third-party related incidents are on the rise, so visibility, and communicative and responsive relationships with suppliers is crucial to ensure they are effectively providing their services to your business.

HALOCK TPSM with Panorays

Asset Discovery and Vendor Monitoring

  • External network vulnerability scans, asset discovery and monitoring, social posture on any vendor.
  • Fourth-party vendors relationship discovery
  • Track remediations, dispute findings, validate changes within a central portal.
  • Notifications when ratings improve or worsen.

Assessment Questionnaires

  • Send automated, customizable security questionnaires based on relationship, criticality, or regulatory requirements to suppliers.
  • Questionnaire tracking, communication with suppliers, upload evidence, create remediation plans securely.

Findings analysis and Reporting

  • Customize dashboards, reports on Threat Levels, Critical Findings, Supplier Portfolios, etc.
  • Innovative ways to discover, analyze, and manage third-party vulnerabilities.

Why Choose Panorays TPSM as a Service with HALOCK

HALOCK’s team, comprised of specialized consultants and engineers, understand security frameworks, risk management, and regulatory compliance requirements. We already have the skillsets to manage TPSMs successfully, as we have worked directly with hundreds of vendors and solutions. HALOCK Retainer Hours spare your organization from additional contracts, costs, and licensing fees. You’ll have access to HALOCK’s resources to enhance your Security Team and tailor your TPSM services, at an exclusive price, to meet your unique business needs. Additionally, you will have access to the solution if you desire to manage assessment and questionnaire activity on your own.

What to expect with HALOCK TPSM with Panorays

***Panorays is offered as a service with HALOCK as a standalone service or in conjunction with HALOCK’s Risk Management Program.

Stage One: Objective and Scope

HALOCK will define the scope and objectives of our Third-Party Supplier Management with Panorays and discuss pricing and timeline for the client.

Define the combination of one-time and continuous assessments, with and without questionnaires of identified suppliers within one calendar year, beginning upon initiation of the project.

Stage Two: Onboarding (One-Time Fixed Fee)

If applicable, HALOCK will provide the number of hours to be deducted from the existing retainer/RMP. This will include the following components:

  • Minimum requirement of (10) continuous assessments of identified suppliers within one (1) calendar year (12-month term beginning upon initiation of the project)
  • Assessment platform setup (included)
  • Access to the vendor management portal instance. (No tool costs required)
  • Assessment tool management (included)
  • Assessment project management and status reporting (included)
  • Onboarding (included)

Stage Three: Third-Party Supplier Management Services, Activities, and Deliverables (Time and Materials)

The following are optional components:

HALOCK assisted Assessment and Quarterly Reporting (Optional)

  • Identification of external assets belonging to supplier.
  • External security assessment of Internet accessible systems and applications.
  • High level executive summary per supplier.
  • Prioritized and detailed technical findings and recommendations report per supplier.
  • Additional findings related to an evaluated supplier will be added to the technical report, given a criticality rating, and provided a recommendation on how to address. (Penetration test results, SIG, SOC2, etc.)
  • Quarterly meeting to review the assessment results.


HALOCK assisted Add-on -Questionnaires – (Optional)

  • Setup of supplier questionnaire with (if applicable).
  • Evaluation and weighted scoring.
  • Completion of one (1) security questionnaire per supplier.

Request a Demo