Using Assessment Reports

Assessments serve as the foundation of third party risk management (TPRM) programs and as a key part of measuring and monitoring first party risk management (Security Posture Management/SPM) programs. They are a critical part of onboarding new vendors to manage third party risk. They are an essential part of first party risk management to understand how your organization’s security posture fairs against common and custom control frameworks and regulatory requirements. The insights gained from assessments serve as a tool to understand security controls and procedures. The insights can help guide prioritizing remediation in key areas, as well as measure and monitor progress in security posture over time.

Refer to the following instructions for using assessments:

• Flagged Questions
• CSV Export

Flagged Questions

Flagging questions is a way to focus assessments on vendors that need the most immediate attention.. Flagged questions indicate the need for extra attention due to poorly performing risk vectors that describe the state of that question. This highlights where attention and focus are needed the most.

Flags are based on risk vector thresholds. If the average letter grade of the risk vectors that are associated with a question falls below a certain threshold (falls below 3.5/4), the question is flagged as needing attention.

CSV Export

The CSV export that has all the information contained in the report. The exported CSV can be used for downstream post-processing.

Select the Download button at the top-right of the table.