In today’s world, business interconnectedness continues to grow as companies depend on multiple types of third-party vendors in order to conduct day-to-day operations. One of the toughest things about working with a third-party vendor is ensuring that its business practices are as safe and secure as your own. The current methods used to measure a vendor’s security posture tend to fall short. Using spreadsheet and Word document questionnaires sent back and forth through email is time consuming, static, and subjective. They give a “Point-in-Time” view of an organization’s security practices, rather than a full picture of its security posture.

That’s where SecurityScorecard comes in. SecurityScorecard allows you to instantly and non-intrusively measure the security of almost any company in the world, including your own organization. Its database includes over 1.2 million rated companies; if a company you wish to see has not been pre-scored, it only takes about two days to add it into the database and check its rating.

SecurityScorecard's User-Friendly Risk Rating System

SecurityScorecard’s ratings are more objective and reliable than self-assessments because they are generated from the outside looking in. Their software explores every IP address on the web and links each corporate address to the company. The IP’s are analyzed, and the proprietary risk model links the information collected to the likelihood of a breach. Companies are rated on a standard A through F scale, making the ratings easy to understand for technical and non-technical personnel alike. Organizations rated C, D, or F are five times more likely to be breached than a company with an A or B rating. Additionally, you can view an organization’s scorecard timeline to see how their score has changed over time and what caused the fluctuation in the rating.

The Portfolio in the Risk Rating platform allows you to see all of your vendors and their overall scores at a glance in order to effectively manage and organize them. From the Portfolio, you can click into an organization to see its score in 10 individual threat factors. Each threat factor receives its own grade, and these grades are weighted and averaged to determine the overall rating. To dive even deeper, you can drill down into any of the threat factors to see why it was scored the way it was.

Multiple Use Cases from SecurityScorecard

SecurityScorecard has a variety of use cases, including: Third party/Vendor risk monitoring (TPRM/VRM), compliance monitoring, board reporting, and reputation management. The software is licensed per organization researched, rather than per use case, so you can utilize the information available to you in any way you see fit.

In addition to their Risk Rating platform, SecurityScorecard recently introduced their Atlas platform which was created to help their clients manage, organize, and complete 3^rd party vendor questionnaires. Instead of sending massive security assessment spreadsheets to vendors once a year, Atlas has several standard survey templates that are included right out of the box, such as BSA, GDPR, and most other compliance initiatives. Organizations can also upload their own custom questionnaire, provided that it works with the Atlas template. Keeping security top of mind, all information through Atlas is encrypted so that only the sending and receiving parties are able to view sensitive data.

For more information on Security ScoreScorecard and how it can assist in your organization’s information security efforts, contact Vandis at (516) 281-2200 or info@vandis.com.