Verterim: Proactively Reducing Business Risks

Peter Ridgley, CEO & Founder
For many, just the thought of running a 12-mile-long obstacle course through pools of icy water and live wires carrying 10,000 volts of electricity is enough to send shivers down their spines; but not for Peter Ridgley—an avid outdoorsman and a fitness enthusiast who holds the reins of Verterim. He is undaunted by challenges that test human endurance to the absolute limits, and takes them head on. Being the risk-taker that he is, when Ridgley is not pushing the boundaries of his body, he supplements the craving for adrenaline by tackling demanding business problems. “As a former Chief Information Security Officer (CISO) myself, I do find that quite a few in my line of profession engage in high-risk activities, and it is that personal practice that makes them so good at what they do professionally,” opines Ridgley, CEO and Founder of Verterim.

With Verterim flaunting a name that means “to turn” in Latin, Ridgley founded his company to enhance the Governance, Risk, and Compliance (GRC) standard practices, which are inadequate for today’s increasingly complex business environments. “Companies are trying to grasp the true risks represented in their businesses and are moving towards being risk proactive rather than risk reactive,” says Ridgley. Fortunately, Verterim brings a wealth of industry knowledge and experience that simplifies GRC business processes and practices to save clients time and money. Verterim’s GRC specialists understand not only the technological complexities but also the organizational challenges and offer solutions to fit client specific needs and cultures. “We enable companies to become more risk intelligent,” remarks Jennifer Anderson, GRC Program Director and Strategist for Verterim.

Effective Risk Management

As a leading provider of GRC solutions and services, Verterim leverages Check Point to provide the control over access to High Value Assets (HVA) and report on that access for compliance purposes. Verterim’s executive leadership has a well-established relationship with Check Point. “Check Point’s Threat Prevention suite allows customers to actively profile IT risk in a safe environment and align findings from assessments to HVAs for prioritized remediation and response,” says Ridgley. Basically, Verterim takes Check Point’s preventative control capability and incorporates it into GRC programs, providing proactive defenses needed to secure vital client information and assets. “This is an important part of a puzzle that enables customers to prevent, detect, and respond to threats against its organizational goals effectively,” he adds.

The pervasive risk management need transcends the IT and vendor management space as well. “When we meet with our clients, many of them are interested in having a deeper understanding of the infrastructure and business model of the vendors they are utilizing,” says Ridgley. Nearly every company is trying to comprehend the level of access they have on their own environment and the financial viability of their vendors and suppliers. With Verterim by one’s side, vendor performance management becomes simpler and companies will find themselves more prepared to manage third party risk. Verterim’s hands-on approach for implementing risk management solutions is valued by its customers.

Streamlining GRC Program Management

“Our business oriented approach to consulting engagement helps us stand out from the competition,” states Ridgley. Every key member at Verterim—from executive leadership to the last consultant—has been a customer in this GRC space before. This gives the company a distinct advantage. “We understand the GRC journey, know what a customer wants from a business function standpoint, and most importantly we communicate practical and realistic goals against the customer’s timeline,” comments Ridgley. Verterim has the caliber to quickly and cleanly establish programs leveraging products and services to prioritize the management of risk against a customer’s business objectives. This effectively means, instead of having massive amounts of vulnerabilities to address, companies are now faced with a focused set of issues. “Quite often the issues are typically distributed throughout the organization and are siloed,” points out Jennifer. Since the tools offer many different ways to generate findings or issues, when companies fail to understand the business process and escalation process they can unknowingly create even more issues based on the way they set up some of the workstreams in the tools. “We have the ability to bring disparate information together and drive efficiency within an organization,” she adds.

While there are teams working independently on different aspects of a company such as information security and IT, they are not collaborating with each other. “By the nature of the types of business functions it touches, a GRC program brings people together,” comments Jennifer. Verterim is an established partner with RSA and works primarily within the GRC space on the Archer platform. So as a first step in the implementation of a GRC program, Verterim identifies the immediate needs a client has and then looks at it from a program maturity perspective to ensure that the goals are attained in a seamless manner. Subsequently, Verterim makes the most of the existing resources that a company has and establishes the framework of a program that will scale with the company. “We employ a lot of different frameworks that are very tailored to the company but also based on our best practices to incorporate engagement models, management of IT resources, marketing, and functions around budgeting,” states Jennifer.

Putting Customers First

Verterim leverages Archer’s well-defined Application Programming Interfaces (APIs) as well as its native import capability and extends it both in terms of importing data from varied sources and exporting it for custom reporting requirements. Apart from that, the company also offers complementary tools to simplify the entire process—resulting in superior end-user experience. “The user experience is incredibly important to us. It goes along with our consulting methodology which really revolves around business process. We are not tool-centric; we are customer-centric,” emphasizes Ridgley. Verterim first tries to understand client requirements around the business process by putting themselves in the customer’s shoes and then customizes the platforms to support those processes. “This is something where many resellers and professional services firms fail because they don’t spend enough time on client’s business processes and instead spend way too much time talking about new platforms and ‘rip and replace’ opportunities,” he adds. Verterim’s team is constantly involved with the customer—they are always scanning the corporate environment and understanding the business challenges.

“We pride ourselves on having long-standing relationships with our customers,” remarks Jennifer. Verterim finds the most traction in industries that face regulatory requirements. One of the important illustrations of Verterim’s prowess is the multi-level supply chain management assessment they performed for a large hardware and software provider. “The client wanted an economical cost of goods to develop their end products, without any disruptions from the geopolitical issues,” explains Ridgley. After the assessment, Verterim clearly articulated which vendor had the goods that the client was looking for—with accurate inventory details and purchase availability. This enabled the client to manage not only the risks their suppliers presented to them in terms of geopolitical concerns, but also the costs and availability.

"Having been the customer, we understand the importance of listening and understanding in order to solve business problems"

Another use case that Ridgley and Jennifer are particularly proud of is their development of a GRC program for a large manufacturer in the consumer electronics industry. With a series of different tools that managed risk across multiple stakeholders, the client was in need of consolidation to be able to generate actionable metrics. Verterim pioneered the development of a GRC strategy and an associated program that brought together the process for managing risk across the entire organization in a harmonious manner.

The Road Ahead

Having been in the business of information security and risk management for a long time, “Verterim will continue to provide the best possible GRC professional services in the industry,” states Ridgley. The company will refine a managed service offering, providing clients the ability to leverage Verterim best practice and start up a GRC program quickly and efficiently without the burden of additional full time resources. “Lastly, we will continue to build connectors and other intellectual property that will save our customers time and money, and pull together what is still a diverse set of tools and services supporting GRC,” reveals Ridgley.


Hopkinton, MA

Peter Ridgley, CEO & Founder and Jennifer Anderson, GRC Program Director

A professional services consulting firm specializing in GRC program implementations