Who are Pentland Brands
Pentland Brands is a privately held, multinational business with over 90 years of heritage in sports, outdoor and lifestyle brands. Founded in 1932, the company has grown from a footwear distributor into a globally recognised brand management group – owning iconic names including Speedo, Beghaus, Ellesse, and Canterbury of New Zealand. Headquartered in London, Pentland Brands operates across 21 offices on four continents, combining deep expertise in product development and brand building with a modern focus on digital commerce and sustainable growth.
Key Benefits for Pentland Brands
- Reduced Administrative Overhead: Transitioning from manual data collection to in-depth risk analysis.
- Greater Ecosystem Visibility: Gaining structured visibility into their entire supplier network and non-direct relationships.
- Enhanced Risk Conversations: Moving from managing suppliers to more informed and dynamic risk discussions.
The Challenge: Tackling Systemic and StructuralRisks
Pentland faced the systemic and structural risks inherent in modern global supply chains — specifically, the concentration risk created by shared technology ecosystems. Their information security team encountered three primary hurdles with respect to their third-party risk management efforts:
- Scalability: Managing a diverse supplier ecosystem without being "crushed by a significant operational overhead."
- Visibility Gap: Gaining structured insights into risks existing beyond their direct, first-tier contractual relationships.
- Manual Friction: Prior to Risk Ledger, communication was "largely document driven," relying on traditional spreadsheets and email exchanges that required heavy manual coordination.
"Concentration risk is an industry-wide reality... Our focus is ensuring visibility and preparedness in an attempt to minimise existential risk."
— Paul Daniels, VP, Global Technology & Cybersecurity
Solution: Transitioning from Administrative Tasks to Informed Risk Conversations
To move closer to a dynamic view of supplier risk, Pentland adopted Risk Ledger’s social network model. This allowed them to replace fragmented and siloed TPRM based on email threads and manual spreadsheets with a "shared platform" where expectations are standardised and transparent.
By leveraging Risk Ledger’s Third-Party Risk Register, Pentland gained a structured way to track and manage risks as the number of suppliers and annual reviews increased.
This shifted the team’s focus from "purely administrative tasks" to more "informed risk conversation" with their critical suppliers and to establish strong relations with their suppliers’ security teams for enhanced risk mitigation and crisis response during emerging threats.
"Using a shared platform has made expectations clearer and more standardised. It has improved transparency and reduced friction by allowing suppliers to provide evidence once and reuse it appropriately.
“The platform has supported greater structure and consistency in our third-party risk governance... enabling a more coordinated approach to assurance and clearer visibility across supplier relationships.”
— Paul Daniels, VP, Global Technology & Cybersecurity
Result: Driving Meaningful Efficiency and Greater Confidence in Supply Chain Resilience
- Meaningful Efficiency Gains: Pentland has seen significant improvements in onboarding and reassessment cycles. The "provide once, use many" nature of the platform has reduced friction for suppliers while slashing administrative overhead for the Pentland team.
- From Static to Dynamic Monitoring: While traditional annual assessments offer only a point-in-time snapshot, Pentland now has a more dynamic view of supplier posture. The ability to track updates over time provides much greater confidence in their security resilience.
- Improved Transparency: The transition to a standardized framework has made requirements clearer for suppliers, fostering a more coordinated approach to assurance across the entire network.
"The standardisation of processes have reduced administrative overhead and enabled our team to focus more on risk analysis rather than data collection... [Risk Ledger] contributes to informed risk conversations rather than purely administrative tasks.
“The ability to track changes and updates over time provides greater confidence than annual assessments... moving us closer to a more dynamic view of supplier risk posture."
— Paul Daniels, VP, Global Technology & Cybersecurity
.svg)
