Risk Ledger Client Case Study: Centric Software

Beyond Compliance: How Centric Software Transformed Its Supply Chain Security with Risk Ledger

How a leading US Product Lifecycle Management provider, long a supplier using Risk Ledger to show its security to clients, now also uses the platform to secure its own supply chain.

Community: Technology
Territory: United States

Who are Centric Software?

From its headquarters in Silicon Valley, Centric Software provides an innovative and AI-enabled product concept-to-commercialisation platform for retailers, brands and manufacturers of all sizes. As experts in fashion, luxury, footwear, outdoor, home, food & beverage, cosmetics & personal care as well as multi-category retail, Centric Software delivers best-of-breed solutions to plan, design, develop, source, comply, buy, make, price, allocate, market, sell and replenish products.

We saw first-hand how the platform simplified and clarified expectations for us [as a supplier]. The ability to reuse responses, track engagement, and provide real-time evidence significantly reduced administrative burdens, and that transparency, combined with scalability across hundreds of global vendors, made Risk Ledger a clear choice for managing our own third-party risk program.
Prab Cheema, Director of Corporate Security, Centric Software

The Background

As a prominent US provider of product lifecycle management (PLM) software, Centric Software has leveraged Risk Ledger for many years as a supplier to demonstrate its security posture transparently to its clients. Recognizing the platform’s value first-hand, Centric Software recently expanded its engagement by becoming a Risk Ledger client as well - adopting the platform to manage and assure the security of its own extensive and increasingly complex supply chain.

This dual perspective uniquely positions the firm to identify and address emerging risks - especially those related to the rapid and widespread adoption of generative AI by its suppliers - while fostering enhanced supplier collaboration and real-time risk visibility.

Addressing the New Frontier of Supply Chain Risk

Reflecting on the current state of supply chain cyber risk, Centric Software’s Director of Corporate Security, Prab Cheema, highlights the rapid adoption of generative AI as a leading concern:

“The most pressing risks stem from the rapid adoption of generative AI, particularly where third-party vendors use AI tools without proper governance. This introduces concerns around data leakage, unauthorized model training using proprietary information, and a lack of transparency in AI decision-making processes.”


Other areas of focus include shadow AI usage by suppliers and undisclosed AI risks in vendor assessments, as well as software supply chain compromises - especially those involving open-source dependencies - and geopolitical vulnerabilities affecting vendors in certain regions.

This perspective also drives Centric Software’s risk management strategies, with continuous risk visibility and governance related to AI and other emerging technology usage by its suppliers as a key focus.

Addressing Traditional TPRM Shortcomings

Centric Software recognizes the inherent limitations of conventional TPRM processes, which have historically been static, box-checking compliance exercises that produce assessments prone to becoming outdated quickly. According to Cheema:

“Traditional TPRM has been largely static and checkbox-oriented, often relying on once-a-year assessments that quickly become outdated. Key gaps include real-time visibility, a lack of context to assess vendor risk relative to our own operations, and limited collaboration as suppliers often see assessments as compliance tasks rather than risk-reduction opportunities.”


To achieve a truly effective TPRM approach, Cheema advocates for integration with threat intelligence and AI governance standards, as well as real-time risk scoring - especially for AI- and data-sensitive vendors.

Why Centric Software Decided to Adopt Risk Ledger for Its Own TPRM

Drawing on its experience as a longtime Risk Ledger user from a vendor perspective, Centric Software chose to also start using the Risk Ledger platform as a client to assess and mitigate risks in its own extended supply chain. The benefits Centric Software had already experienced as a supplier on the platform, not least its ease of use, extensive documentation and the dedicated customer support available to help suppliers, were important factors in that decision. In the words of Cheema:

“We saw firsthand how the platform simplified and clarified expectations for us [as a vendor]. The ability to reuse responses, track engagement, and provide real-time evidence significantly reduced administrative burdens, and that transparency, combined with scalability across hundreds of global vendors, made Risk Ledger a clear choice for managing our own third-party risk program.”

Prior to adopting Risk Ledger, Centric Software relied on a very manual process; by adopting Risk Ledger it not only moved towards greater automation but also broadened its risk assessment framework. As Ashvin Muddappa, Security Analyst, Corporate Security Operations, at Centric Software pointed out:

“Risk Ledger allows us to ask questions and direct our assessment toward multiple domains. We didn't really have a tool that would allow us to assess suppliers on topics as wide ranging as certifications, HR security, IT operations, software development topics, and then shift all the way to things like physical security as well. We also landed on Risk Ledger because it was a simple tool that simplified a difficult process.”

He also explained:

“We recently started having more discussions about sub-processors as well. So, as that conversation advances and the company grows and the vendor list grows, I think that list and that visibility further down the supply chain is going to become very important. So having this Risk Ledger capability in our toolbox will be useful and will be valuable.”

Sharing Risk Ledger’s Vision to Transform TPRM

Centric Software also embraces Risk Ledger not just as a compliance tool, but as a platform helping to transform TPRM into a more dynamic cyber defense discipline. Prab Cheema also noted several critical areas for innovation, which Risk Ledger is already actively introducing, as crucial to making TPRM and supply chain security future-proof:

“Integrated AI Risk Reviews that embed assessment questions and automated checks about AI tool usage, model hosting, and data protection; continuous risk telemetry that triggers reassessments based on relevant security signals; and collaborative threat sharing across sectors using platforms like Risk Ledger.”

Like Risk Ledger, Prab Cheema also envisions TPRM evolving from static questionnaires to dynamic, risk-informed collaboration between enterprises and their suppliers.

Enhancing Collaboration: A Collective Defense Approach

Industry-wide collaboration, especially where suppliers overlap, is equally imperative for organizations to achieve greater systemic resilience. Prab Cheema agrees:

“It’s critically important. Shared suppliers introduce systemic risk, particularly when AI/ML is deployed across multiple clients without clear data or model separation. Collaboration helps set baseline security expectations, reduce redundant assessments, and encourage vendor accountability through collective visibility.”

Centric Software appreciates Risk Ledger’s unique capability to facilitate cross-industry collaborative risk sharing and transparency, and encourages industry peers to Defend-as-One.

Supplier Experience: Streamlining and Improving Engagement

Inviting suppliers to join Risk Ledger has yielded positive feedback, according to Cheema, especially from smaller vendors:

“Several smaller suppliers found the platform made security assessments more structured and easier to understand. They appreciated streamlined onboarding, centralized document management, and transparency about what larger customers expect for compliance.”

This improved supplier engagement has also enabled more productive two-way communication focused on security gap remediation.

With the lack of supplier engagement regularly cited by TPRM and cyber security experts as a key shortcoming of most TPRM programmes, Risk Ledger’s unique focus on supporting suppliers and providing tangible benefits to them contributes directly to this positive outcome described by Cheema.

Efficiency Gains

According to Prab Cheema, since adopting Risk Ledger for its own supplier assessments, measurable gains for Centric Software have included:

  • Approximately 40% reduction in average vendor onboarding time
  • More than 60% decrease in manual follow-ups
  • Evidence reuse shortening questionnaire completion from two weeks down to under four days for many vendors

According to Ashvin Muddappa, meanwhile:

“Using Risk Ledger has definitely improved our TPRM process, for sure. Streamlining the process and getting visual insights on our suppliers allows us to quickly understand things like when the last assessment was completed, whether there are any unapproved vendors, any vendors that are still in review, any vendors that are out of scope or that aren't compliant.”

Looking Ahead

Centric Software foresees Risk Ledger playing an increasingly pivotal role as regulatory demands around AI and third-party data usage intensify.

As Cheema explains:

“Supporting AI governance controls by flagging vendors deploying AI in critical processes without documented safeguards; enhancing geopolitical risk scoring tied to evolving regulations like NIS2; and integrating risk data with our internal SIEM for real-time incident tracking” will be a key focus for Centric Software.

By progressively integrating Risk Ledger into both its customer-facing security posture and its internal vendor risk management processes, Centric Software exemplifies a forward-thinking approach to supply chain cyber security.
