The last decade has seen the rise of consumer networks of all sorts: social networks like Facebook™, professional networks like LinkedIn™, financial networks like Lending Club™ and several others. A common element of these networks is that individuals can connect with other individuals and exchange information. These network platforms were revolutionary because they allowed for one-to-many and many-to-many communication in ways that had never been possible before.
Unlike the consumer world, the business world has not seen widespread use of one-to-many or many-to-many networks for information exchange. There have been old networks like purchasing networks but nothing of the type and scale that we have seen in the consumer world. There are several reasons for this, including the unsolved technical challenges of securely accessing confidential data of many organizations, securely maintaining network relationship information and historical interaction data, among others.
FIG. 1 is a diagram illustrating a typical current process by which vendors and clients interact. All communications are one-to-one, meaning one person at an entity interacts with another person at another entity. Any information gathering or data exchange is conducted manually, which requires a lot of effort for the individuals on either side of the communication.
In this example of clients and vendors, clients face growing regulatory pressure regarding management of third and fourth party relationships. That is, any individual one-to-one communication may require one of the communicants to take some compliance action manually. This invites errors and increases inefficiency. In addition, it is currently difficult to aggregate data across multiple vendors, multiple organizations, and multiple processes given that there are no data standards across items and vendors.
On the vendor side, the vendor deals with many client requests for data, often being requests for reporting or compliance-related data. Vendors currently must deal with this overhead without internal systems to assist with automatically foreseeing and managing these aspects of client management.
Businesses have multiple relationships with other businesses. The most common type of relationship is that of a vendor and a client. A company can have multiple vendors and multiple clients. In addition, a company can have other types of B2B relationships such as with distributors, franchisees, marketing partners or survey respondents. In each of these relationships, there are specific products or services involved—one party delivers a certain service or product to the other party. Most of these relationships are governed by legal contracts and are subject to specific performance requirements. These requirements call for a lot of information to be exchanged between the two parties. Let us take the vendor-client relationship as an example. In such a relationship, the client has to monitor the performance of the vendor. This is essential to ensure that the client has a secure and reliable partner. Such oversight of the vendor relationship is especially important when confidential data is being shared. With the rising threat of cyber-attacks, often the most vulnerable point may not be the internal systems of a company but a system of one of the company's vendors. Additionally, there are regulatory reasons for such monitoring. For example, in the financial services industry, there are stringent requirements by regulators to ensure that financial service firms are monitoring their data supply chain—or their 3rd and 4th parties as they are often called in the trade. In addition to the regulatory reasons, there may be reputational reasons as well for such monitoring, as in the case of the retail industry, where a retailer or manufacturer wants to make sure, for example, that its overseas supplier is using good human resource practices in compliance with US laws.
In the context of these relationships, there is a lot of data and information that is exchanged routinely. For example, for monitoring performance, companies send reports to their clients. These performance requirements are referred to by many names such as Service Level Agreements (SLAs) or Key Performance Indicators (KPIs) or Key Relationships Indicators. In addition, the parties also agree to specific oversight requirements—whether these are done through questionnaires being sent by one party to the other or other types of assessments such as on-site audits or third party audits. Additionally, there are many other types of information exchanged between the parties—these can be incident reports, financials, announcements or remediation items.
A B2B relationship is typically operationalized through individual employees at each company who interact with their counterparts at the other company. For example, Joe at company A deals with Sarah at company B and will interact with her to request information, provide reports and send messages. An example is a vendor manager at a company who may be dealing with a client manager at the other company. The vendor manager receives monthly SLA reports and periodic documents, receives questionnaires, and answers the questionnaires, which are then evaluated by the client; the evaluation may result in additional requests or actions.
Another important feature of these B2B relationships is their chain of dependency. For example, Company A may be a client of Company B and monitors its performance for the specific product or service that they have purchased from B. However, since the goal of the monitoring is to be informed about the reliability of the vendor, it is well known that the status of the vendor is in turn dependent on the reliability of its vendors or vendors of vendors.
It would be desirable for businesses to be able to use a network system for Business-to-Business (B2B) information exchange and monitoring, and also for shared security breach reporting and incident management. Many companies have contractual, if not regulatory, obligations to report any major incident (e.g., site down, possible breach, major error, etc.) as well as breaches (e.g., security breach, lost personally identifiable information (PII), lost confidential information, etc.). Currently, the process relies heavily on email and existing support systems such as Salesforce™ or Service Now™. It is very manual in nature, and it is tedious to track all communication across the systems and via each individual relationship to make sure all parties are aware of what is happening. In turn, the receiving party may need to alert its business partners of what is going on as well, and the whole process starts over, alerting the 4th party and so on. Today, there is no single place to access this information or share it with others.