Assessments serve as the foundation of third party risk management (TPRM) programs and as a key part of measuring and monitoring first party risk management (Security Performance Management/SPM) programs. They are a critical part of onboarding new vendors to manage third party risk. They are an essential part of first party risk management to understand how your organization’s security posture fares against common and custom control frameworks and regulatory requirements. The insights gained from assessments serve as a tool to understand security controls and procedures. The insights can help guide prioritizing remediation in key areas, as well as measure and monitor progress in security posture over time.
Refer to the following instructions for using assessments:
Flagged Questions
Flagging questions is a way to focus assessments on vendors that need the most immediate attention. Flagged questions indicate the need for extra attention due to poorly performing risk vectors that describe the state of that question. This highlights where attention and focus are needed the most.
Flags are based on risk vector thresholds. If the average letter grade of the risk vectors associated with a question falls below the threshold (3.5/4), the question is flagged as needing attention.
CSV Export
The CSV export has all the information contained in the report. The exported CSV can be used for downstream post-processing.
- October 29, 2024: Assessments navigation instructions moved from Risks to the Organization section in the menu.
- September 17, 2024: Assessments available for Security Performance Management.
- November 17, 2021: Updated navigation instructions.