Pinnacol Assurance Case Study

By CyberGRX

Download Case Study


CyberGRX Helps Pinnacol Quickly Vet Vendors with Confidence

Building Confidence

Pinnacol needed an innovative third-party risk management solution that would help them quickly assess their third parties so they could make confident business decisions about them. After interviewing several third-party risk solution providers, Pinnacol found that partner in CyberGRX.

About Pinnacol

Established in 1915, Pinnacol engages with more than 57,000 employers to provide workers’ compensation insurance across Colorado. They work closely alongside insurance agents, injured workers, legal teams, and employers to ensure personalized attention and service. A technologically innovative organization, Pinnacol strives to be highly responsive to their partners and customer base to provide The Pinnacol Difference.

CyberGRX helps Pinnacol assess vendors faster and identify hidden third-party risks.


For more than a century, Pinnacol has been entrusted with its policyholders’ and injured workers’ confidential information. As such, their commitment to customer privacy is deeply embedded in their values and extends to their third parties. As technology has become more of a part of our daily lives, Pinnacol’s customers are demanding similar experiences.

This has prompted Pinnacol to spend more time looking at new technology solutions while ensuring the solutions chosen still support the privacy requirements expected by their customers. While Pinnacol typically relied on SOC 2s, many of the vendors being considered were start-ups that had not gone through a process to verify privacy infrastructure and protocols were in place.

Pinnacol’s Cybersecurity Department was overwhelmed with the amount of time that was necessary to accurately analyze these prospective vendors. They needed an effective and trustworthy third-party risk management solution that would help them quickly vet current and prospective vendors to ensure they had the security controls in place to safeguard their customers’ data. After interviewing several third-party risk vendors, Pinnacol found the partner they were looking for in CyberGRX.

Our executive team is impressed by CyberGRX’s innovative third-party risk management approach, and we are excited to be a part of their Exchange.

How CyberGRX Helped

Since the start of the relationship, the entire organization – from the executive team to the risk management and IT teams – has felt confident they’ve had better visibility into their third-party ecosystem. CyberGRX Assessments have helped Pinnacol pull back the curtain on third-party providers, allowing them to quickly identify risks and confidently make decisions on which organizations they can trust with sensitive information.

Pinnacol even took the CyberGRX assessment themselves, so they could understand and better appreciate the third-party assessment process. That experience, coupled with the validation provided by CyberGRX and the great customer support, helps Pinnacol quickly identify any discrepancies or areas of interest to focus on. As Pinnacol became more familiar with CyberGRX, it became evident this solution could be used for more than just true technology vendors.

Since many of Pinnacol’s non-IT partners are also entrusted with confidential information, Pinnacol has decided to use the CyberGRX Assessment for these partners to help in understanding their risks. Pinnacol also believes these vendors will find equal value in the assessment process


Since working with CyberGRX, Pinnacol has been able to speed up their analysis of third-party vendors, easing the burden on the Cybersecurity Department. They have also identified third-party risks that they otherwise would not know existed. This enables them to make faster business decisions around their vendors and take a more educated and confident approach to third-party risk management. Within the next year, they look forward to learning more about their non-technology focused partners’ infrastructures and how they protect Pinnacol’s sensitive data.

The support and ongoing collaboration we’ve received from CyberGRX and their customer success team has been extremely responsive and helpful. It has truly changed the way we assess vendors and manage third-party risks. They are always looking for new ways to improve their tools and processes to help us find and address risks. Our executive team is impressed by their innovative third-party risk management approach, and we are excited to be a part of their Exchange.

- Kelly Lutinski, Pinnacol Chief Risk Officer

Request A Demo

CyberGRX is hosted on AWS and available on the AWS Marketplace



Join 5,000+ risk professionals who subscribe to the CyberGRX Newsletter