Celent takes the issue of security and privacy of commercially sensitive vendor data very seriously. We take all reasonable steps to ensure that vendor data uploaded to VendorMatch & RFX is shared only with financial institutions and their advisers for the legitimate purpose of evaluating your solutions as part of a procurement process. Systems and processes are designed to reinforce this protection including our vendor release process which puts you in control.
What is VendorMatch?
VendorMatch is Celent’s vendor and solution discovery and shortlisting tool, helping financial organizations identify solutions that meet a given set of requirements parameters.
What is RFX?
RFX is an extension to VendorMatch which enables vendors to share Request for Information level information on a multilateral basis with Celent and other third parties. The survey questions are authored by Celent analysts, leading experts in the solution type. They are substantial enough to meet the requirements of the most rigorous financial institution and are based on Celent’s experience with system selection projects.
RFX is designed to be an alternative for a financial institution to creating their own bespoke Request for Information (RFI) for the most common general questions. Celent believes there is demand for a generic golden copy RFI with precompiled vendor responses which can be made available online at the point of need. This facility offers significant efficiencies for financial institutions and vendors alike.
Having access to a generic golden copy RFI response for your use and ensures you can update the information at any time, reducing the effort involved in sharing information with Celent going forward. We will use the information to increase the number of research deliverables we generate on your sector.
How is my VendorMatch information shared publicly?
VendorMatch company profile page and any solution profile pages are openly available to registered users and should be considered public.
VendorMatch survey responses are accessible via the Survey Summary Report and Comparison Grids by subscribers to VendorMatch PREMIUM.
Only financial institutions and their advisers/consultants engaged in a technology investment decision who have purchased a VendorMatch PREMIUM subscription will have access to these features. PREMIUM subscriptions are not available to vendor solution providers,
How will RFX information be made available to other parties?
Responses to RFX survey sections can be made available to subscribers of RFX PREMIUM through the RFX Report.
To access an RFX Report, financial institutions must use the platform to request access, and the vendor must authorize such access via functionality in the My Settings area of the platform. This permissions process is wholly orchestrated through the platform.
Vendors have the option to grant permission to release the RFX responses to the financial institution. This enables the vendor to check that the RFX responses are current prior to release.
How will Celent analysts use my data?
Celent analysts are another consumer of data shared on VendorMatch and RFX for the purposes of undertaking and publishing research. Celent regularly publishes vendor research that feature vendor solutions, segmented by type (e.g., claims solutions or core banking solutions) and often by geography (e.g., vendors serving North America, vendors serving Asia-Pacific, etc.). We will use the response data in the VendorMatch profile, which as noted above, should be considered public for these purposes, as well as the RFX responses to write vendor profiles and create tables and charts in the reports.
Vendors will be provided a copy of their profile to edit and approve prior to publication of any vendor report.
How safe is the network hosting VendorMatch and RFX?
VendorMatch is hosted on our internal networks. Celent is an Oliver Wyman company, and Oliver Wyman is part of MMC, a publicly traded company in the United States. Your response data will be held on the Marsh network. Marsh handles personal and business financial data for millions of customers around the world and is one of the securest networks available.
The Secure Hosting Architecture is composed of a set of Demilitarized Zone (DMZ) tiers that are positioned to support industry standard 3-tier application architecture. Web, Application and Database (DB) DMZ tiers are organized by purpose to compartmentalize application components. Interaction between DMZ tiers is implemented to follow best security practices and defense in depth models. Further information on the MMC security policies and security standards that define the company’s security requirements and directions for protecting MMC’s information and that entrusted to us by our customers can be obtained by asking a Celent employee.
In the past we had the ability to identify data that is not to be shared publicly. Can we still do that?
Currently if you share a report, all information in the report with shared with the requestor.
Celent is looking to add functionality to restrict certain sections from the report.