Portfolio Assessment Report Mehron The Portfolio Assessment report delivers visibility into aggregated risk, data breaches, and the security effectiveness of vendors. This report can be used to generate insights on the health of a large set of vendors, answering such questions as: Should my organization worry about the security risk that this set of vendors poses to my business? How many vendors are below a tolerable risk level? How many vendors is my organization collaborating with to reduce their cyber security risks? How many vendors improved their security risk profile? This can also be used to look into particular aspects of GDPR compliance for a set of vendors, particularly related to: Effectiveness of technical measures vendors have in place to avoid data breaches. Data breach notification. Safeguards related to data transfers to other jurisdictions. Territorial scope of data processing and storage. Table of Contents Overview Reading This Report Header Quarter to Date versus Previous Quarter Median Rating Vendors with Basic Ratings Vendors Collaborating to Improve Their Ratings Vendors with Improved Ratings Footprint and Security Incidents Footprint (IPs) Security Incidents Analysis and Most Recent Security Incidents Portfolio Risk Vectors Average Grades Reading This Report Header The Header section contains the name of the selected folder and the number of companies contained in the folder. Quarter to Date versus Previous Quarter This section presents quarter-to-date metrics about the companies in your selected folder. Median Rating The median rating of all companies in the selected folder. The upper value is the median rating on the day that the report was generated; the color indicates the current rating category. The lower value (gray) is the median rating registered at the end of the previous quarter. Vendors with Basic Ratings The number of companies in the selected folder that had a rating in the Basic category at the end of the previous quarter. A red downward arrow indicates that there are currently more companies with Basic ratings in this folder than there were at the end of the last quarter. A green upward arrow indicates that there are currently fewer companies with Basic ratings in this folder than there were at the end of the last quarter. To learn more about our rating categories, see What is a Bitsight Security Rating? Vendors Collaborating to Improve Their Ratings The number of companies you're currently collaborating with. A red downward arrow indicates that the current number of companies that are collaborating is lower than the number of companies in the last quarter. A green upward arrow indicates that the current number of companies is higher than the number of companies in the last quarter. Vendors with Improved Ratings The number of companies in the folder that had an increase in their security rating during this quarter. Footprint and Security Incidents This section contains information about the EU vs Non-EU distribution of the vendors' IP address footprint and occurrences of security incidents over the past 12 months. Footprint This section indicates: The number of IPs in this folder in EU and Non-EU jurisdictions The number of companies in this folder that have a footprint in one or both jurisdictions Security Incidents Analysis and Most Recent Security Incidents The Security Incidents Analysis section indicates the number of data breaches that occurred across the vendors in the selected folder in the last 4 quarters, including the current quarter to date. The Most Recent Security Incidents section lists the most recent security incidents at companies in the selected folder. If a breach occurred in a subsidiary of a company in the folder, the breach information will be shown in the list with an asterisk. Portfolio Risk Vectors Average Grades This section provides a breakdown per risk vector of the aggregate performance of the vendors in the selected folder. For each risk vector, the average grade across all companies in the selected folder is shown. The number of companies below that average is shown beneath it. March 9, 2022: Updated screenshots. March 28, 2018: Published. Related articles Windows Extended Support and Extended Security Upgrades (ESU) Bitsight NIST CyberSecurity Framework Report Marsh McLennan Study: Correlation Between Bitsight Analytics and Cybersecurity Incidents Organization: My Company List TLS/SSL Finding Remediation & Remediation Verification Feedback 0 comments Please sign in to leave a comment.