Skip links
ECIX TECH

Transforming the supplier approval process with Legal Operations and AI

Challenge

A large multinational in the energy sector managed the approval of hundreds of suppliers through its central purchasing office, supporting different companies and business lines.

Each new supplier had to be assessed against stringent privacy, cybersecurity and corporate compliance requirements:

  • Manually review extensive questionnaires and supporting documentation (policies, certificates, contracts, technical evidence, etc.).
  • Coordinate various internal teams (procurement, legal, privacy, security, compliance) with criteria that are not always homogeneous.
  • Manage the traceability of decisions and risks in multiple systems and spreadsheets.

The result was a slow, fragmented process that was highly dependent on manual effort, with approval timescales measured in weeks and impacting both business agility and responsiveness to new procurement needs or regulatory changes.

The company was looking for a model that:

  • Accelerate accreditation, while maintaining - or raising - standards.
  • Standardise the evaluation criteria for all suppliers.
  • Provide full traceability and clear evidence of compliance to internal and external audits.

Approach

ECIX Tech designed and implemented a comprehensive Legal Operations service based on a combination of expert services and the use of the eTPC third-party management solution in conjunction with MIA Enterprise. to transform the process.

The approach was structured along three axes:

  1. Redesign of the approval model (Legal Operations)
    • Complete mapping of the approval flow for central purchasing, from the initial request to the final decision.
    • Definition and alignment of common assessment criteria in privacy, cybersecurity and corporate compliance.
    • Establishment of a clear governance model: roles, responsibilities and risk levels by type of provider and service.
  2. Intelligent automation with MIA Enterprise
    • Use of Nero for the automatic reading and extraction of key information from documents provided by suppliers (security policies, certificates, data processing agreements, etc.).
    • Use of Criterion for the automated evaluation of evidence, comparing the extracted information with the regulatory and corporate requirements defined by the client.
    • Automatic generation of assessment results, identifying deviations, gaps and recommended mitigation measures for each supplier.
  3. Orchestration and traceability with eTPC
    • Centralisation of the entire approval process in eTPC, which acts as a "control tower" for suppliers and service lines.
    • Structured record of each assessment, its level of risk and the decisions taken, with full history per supplier.
    • Integration with the client's internal systems (procurement, contracting and corporate tools) to minimise changes in daily operations.

Results

The joint implementation of MIA Enterprise and eTPC, integrated into a Legal Operations service managed by ECIX Tech, generated measurable and sustainable impacts over time:

  • 75 % reduction in time spent on manual tasks
    Reading documentation, checking evidence and cross-checking against normative criteria was no longer done manually. Teams shifted their focus from processing information to reviewing relevant cases and making decisions.
  • Reduced approval times from weeks to days
    Dossiers that previously required several weeks of information exchange, analysis and internal validation are now resolved in a matter of days, significantly improving the central purchasing department's ability to service the needs of the business.
  • Increased accuracy, consistency and traceability of assessments
    • Apply the same standards to all suppliers.
    • Have a complete history of decisions, evidence and risks.
    • Facilitate defence against audits and regulatory reviews, with a clear repository of what was assessed, how and with what outcome.
  • Strengthening control over privacy, cybersecurity and compliance risks
    The company gained a consolidated view of the risk associated with its critical suppliers, with the ability to prioritise action plans, renegotiate conditions or demand improvements in security and compliance measures. renegotiate conditions or demand improvements in security and compliance measures.
  • Cultural transformation to a data-driven Legal Operations model Beyond the time savings, the project positioned the compliance function and central procurement as levers of value, able to support the business with fast, informed decisions aligned with the most demanding regulatory standards. with fast, informed decisions aligned with the most demanding regulatory standards.

Learn more about Client Stories

Fit by
Learn more about Clients Stories