Posted on Jul 27, 2017
For those of you who joined SecurityScorecard and our customer Allstate at the IAPP Webinar on Assuring Data Privacy and Security Compliance, we greatly appreciate the lively audience! We were happy to share some of our experiences in the information security space and even happier to hear the unique insights from Derek Morford and Adriana Novielli at Allstate.
With over 400 registrants, we did not have time to get through all the audience questions during the Q&A session, so we thought we’d take time to answer a few more of those questions in this post.
Does use of something like SecurityScorecard create reasonable diligence to monitoring suppliers appropriately over time for security?
Yes, SecurityScorecard takes a continuous monitoring approach in which any company in the platform is monitored continuously in real time. Data analytics are stored on a historical basis so users can go back in time to view performance history. Customers actively use this data as evidence of due care for a third party or compliance party.
What is the minimum number of people needed to implement a vendor program?
It really depends on the demands from the business, the volume of companies that require diligence, and so on.
Do you categorize your vendors by risk only, or some other manner, say, industry, service, etc.?
There are several ways to categorize and bucket your vendors. Each company buckets vendors slightly differently based on its specific needs. One example is bucketing by level of criticality, but we do see customers bucketing into other types of groups, such as by department, by business function, by use case, or all of the above. Put simply, how you categorize vendors depends heavily on the needs of the business.
How does SecurityScorecard get the information needed to determine a grade?
The majority (about 80 percent) of the data used in scoring is collected by ThreatMarket, our proprietary data collection engine. ThreatMarket collects data in the following ways:
In addition, SecurityScorecard supplements its ThreatMarket data with data from public sources and from some third-party commercial sources.
Where will the presentation be shared?
If you missed our IAPP Webinar on Assuring Data Privacy and Security Compliance, click here to view the recording.