Leroy Merlin
Case Studies: Leroy Merlin
Referent: Alessio Setaro CISO
Category: Grande Distribuzione Organizzata
Date: 2022
Leroy Merlin is an international company that is part of the Adeo group, which is the leading player in the international market of large-scale distribution specializing in DIY, do-it-yourself, construction and gardening. The company is present in many countries in Europe, Asia, South America and Africa. In Italy today it has 52 points of sale distributed throughout the territory.
The Challege
Leroy Merlin’s business project would not be feasible without the contribution of suppliers, whose collaboration is essential in the construction of an ethical offer that respects the value it shares and the consolidated trust of customers.
Leroy Merlin works to ensure that customers fulfill their online and in-store purchase promises. It acts with respect for the environment, through a sustainable organization, with control of the Supply Chain, also with regard to the aspects of Cybersecurity and information security.
Hence the need to carry out systematic monitoring of the level of Cyber risk projected onto Leroy Merlin, deriving from the assessment of the security posture of the suppliers and their information security management process.
As a leader in DIY retail, Leroy Merlin must manage an intense network of suppliers; a certainly demanding burden that requires careful planning, careful allocation of resources and an often indefinite time dedicated to managing the entire evaluation process, from interviews to analyzing results, including managing and updating questionnaires . In particular, Leroy Merlin states that it has worked on defining a process for the risk level of its suppliers, defining an initial MVP based on an “Excel questionnaire and on the Cloud Control Matrix framework”.
The Solution
Once the effectiveness of this type of approach was evaluated, in order to obtain an adequate level of effectiveness and automation, combined with the need for greater efficiency in managing the risks deriving from suppliers, Leroy Merlin carried out research on the market and, through the services of Innovery, has identified RiskOut as a solution with excellent potential, simple, intuitive and at the same time well structured.
“Riskout immediately satisfied our main needs and was a winner compared to the comparative assessments made with other products on the market”.
Although this was interesting for Leroy Merlin, discovering that RiskOut would guarantee easy analysis of the outcomes was decisive for the choice. The value of a complete vision of the risks linked to the whole supplier base, of the more detailed risk linked to the individual and the comparative vision between two or more suppliers represented for Leroy Merlin the main difference in terms of activities and results compared to the previous methods .
“With this new method we plan to introduce significant improvements in the process, and the ability to analyze both precise and summary data thanks to the exposed KPIs”.
The innovative approach and the use of RiskOut will be essential to achieve highly significant results for all strategic decisions on supplier risk management.
“Having a control dashboard on which to base strategic decisions on supplier risk management”.