What is the value in inviting my vendors?
As most of our customers know, every single company – customer or not – gets free and unlimited access to their own company’s Scorecard. This view allows them to see the complete details of their scorecard and a high-level view of five other scorecards. SecurityScorecard provides this free access because we know that when companies engage with their scorecard, their scores improve, their attribution becomes more accurate, and our customers lower their own cyber risk.
When a company has hundreds or thousands of vendors, an annual, point-in-time assessment is not able to reflect the changing security dynamics of their third-party population. SecurityScorecard updates scores daily, but if vendors are not engaged, their issues may go unremediated, posing a risk to the whole supply chain. By inviting their third parties to SecurityScorecard, a company signals the importance placed on maintaining high cyber-risk standards. Third parties using SecurityScorecard have regularly improved their score by at least 5 points compared to third parties not using SecurityScorecard.
Additionally, by incorporating Scorecards into the initial vendor assessment process, customers create an opportunity to actively engage with their vendors throughout the onboarding process. This open dialogue provides opportunities to assess timeliness of responses to emerging risks and also better understand any systemic issues that might require additional focus as part of the onboarding process. By engaging in a collaborative onboarding process, organizations can better assess the suitability of third-party relationships in the context of a working relationship.
As an organization incorporates Scorecards into the vendor lifecycle, there are opportunities to refine governance elements, in the form of service level agreements, in new agreements and renewals. By setting expectations for minimum acceptable thresholds, response times and reporting on the status of mitigation efforts, companies standardize measures of performance across their vendor population, which in turn allows for more robust monitoring and mitigation of cyber threats.
What is the Invited Company process?
Request an Invited Company process discussion with your CSM. Depending on your needs, your CSM can provide a high-level workflow; if your needs are greater, we can pull in our Professional Services team for advisory or managed services.
Determine the thresholds or events your team should be alerted to; these can be issue types that align with a compliance framework, or staying above a certain grade.
Set up portfolios and Rules within the platform
Draft your warm email to introduce your vendors to SecurityScorecard – your CSM can provide drafts and best practices
Click the “Invite Company” button on their scorecard page
How can SecurityScorecard help with questions from our invited companies?
Please have your invited company sign up here for our informational webinar on April 21, 2022 at 1 PM ET.
What are some of the challenges we’ll be covering within the Webinar?
How can SecurityScorecard help me with monitoring my own environment and my third parties?
Some of the information on my scorecard looks incorrect; how can I change this?
My company uses another scoring system; how does SecurityScorecard compare?
What information can I access with my Freemium view?
How can SecurityScorecard help me with my lack of resources?