A Toronto-based hospital aimed to develop comprehensive cybersecurity dashboards that would deliver real-time hygiene and security insights across all managed endpoints and services. Additionally, the hospital sought to integrate and fully automate its vendor risk assessment process. With hundreds of vendors and a legacy, manual system that was both time-consuming and inefficient, the existing workflow placed a heavy burden on internal resources. The hospital engaged TechMeka to redesign and automate the entire process end to end, significantly enhancing efficiency, visibility, and accuracy.

Challenges:

• Designing a flexible form structure capable of capturing comprehensive information across a diverse vendor base, including details about their internal controls.
• Ensuring the form remained easily editable to adapt to evolving assessment criteria and compliance requirements.
• Leveraging widely available, cost-effective technology to make the form easily accessible without introducing additional licensing or infrastructure costs.
• Implementing robust validation and a severity-coded scoring system to clearly identify and prioritize high-risk vendors.
• Automating the entire distribution and submission process to streamline vendor engagement and reduce manual effort.
• Storing incoming form data in a secure internal database to enable advanced analytics and reporting.
• Integrating telemetry and risk data from multiple sources to gain real time risk insights.

Solutions:

TechMeka delivered a fully integrated Microsoft 365 solution that automated the hospital’s vendor risk assessment process and provided real-time visibility into cybersecurity posture. Using native Microsoft technologies - the team designed a dynamic, easily editable assessment form with built-in validation and a severity-based scoring system.

• Excel was chosen for form creation due to its familiarity, flexibility, and ease of distribution.
• The end-to-end process—including form distribution, tracking, and submission management—was fully automated using Power Automate and SharePoint Online.
• Vendors were able to complete the form and submit it effortlessly by sending it as an email attachment.
• Submitted forms were automatically cataloged and securely stored in an internal database for further analysis.
• Telemetry and risk data from SCCM, SentinelOne, and Intune were integrated into a unified semantic model, enabling comprehensive, real-time reporting through interactive Power BI dashboards.

Benefits:

• Automated vendor risk assessments, eliminating manual follow-ups and saving internal resources.
• Real-time visibility into endpoint security posture using unified telemetry from SCCM, Intune, and SentinelOne.
• Interactive Power BI dashboards offering drill-down insights and high-level executive overviews.
• Dynamic and editable assessment forms, adaptable to evolving compliance and audit requirements.
• Secure and structured data storage within SharePoint for auditability and advanced analytics.
• Streamlined engagement through automated form distribution and collection via email.
• Scalable solution foundation, ready for future expansion into broader risk or compliance tracking.