Risk Program Setup: Tier Settings Ingrid The Tier Settings page in the Continuous Monitoring application [ Risk Program Setup ➔ Tier Settings] allows you to set risk thresholds for your tiers, as visually depicted by the Portfolio Risk Matrix. Use this page to: Apply global or group tiers. Global Tiers: All companies for all users. Group Tiers: Set up tiers that are specific to Access Control Groups. Configure up to 5 tiers with custom names and descriptions. Configure companies in your portfolio into tiers. Assign an assessment to a tier. The Tier Settings page is only visible to users that have tier management permissions. See tiering user permissions. Refer to the /tiers API endpoint to configure tiers via the Bitsight API. Creating Tiers Adding Companies Into Tiers Tier Options Tier Recommender Creating Tiers Use the Create Tier link below the tiers to create a new tier. There can be up to 5 tiers. Click and drag a tier to re-order tiers from highest to lowest criticality and security risk. To set up group tiers, an Admin must enable the Company Details option for your group from the Groups tab. The Manage Group Tiers/Restore Global Tiers button will then be available at the top-right of the Tier Settings page. Once tiers are set up, the Portfolio Risk Matrix is automatically displayed in your dashboard. We suggest creating the following tiers: Tier 1: Critical. Vendors who are essential to your business, have direct or indirect connections into your network, are responsible for sensitive or regulated information, or with whom you have significant financial investments Tier 2: High. Vendors with partial access to highly sensitive data or your network. The use of these vendors impacts daily operations, but service interruptions may not stop operations completely. Tier 3: Medium/Low. Vendors with partial access to systems with whom you have limited financial investment. Daily operations can continue without these vendors for short periods. Adding Companies Into Tiers To add (or remove) a company to a tier: Use the Companies List page to search for companies to edit. Edit from the Relationship Details panel. Tier Options Select Options to edit a tier, delete a tier, configure alerts for a tier, or assign an assessment to a tier. Option Description Edit Tier Edit the tier details, set risk thresholds, and assign assessment. Tier Details Edit the name and description of the tier or add companies to the tier. A company can be assigned to one tier at a time. You can also add companies in bulk using the provided portfolio filters. Risk Thresholds Set the security rating risk thresholds for companies in this tier to determine the tier’s position in the Action Plan. Assessment Select an uploaded assessment to automatically associate with companies in this tier. Delete Tier Delete a tier. Configure Alerts Configure alerts for a tier. Tier Recommender The tier recommender helps make intelligent decisions around tiering and makes onboarding new vendors to your Third Party Risk Management (TPRM) program faster. Tier recommendations are based on: Network intelligence via the Bitsight inventory. Machine learning that provides insight into the best practices of over 30k tiered companies (and growing). Combined, we’re able to bring intelligent recommendations to the vendor tiering process with a model that gets better and smarter over time. Recommendations can be accessed if you have tiers set up for your account. They can be accessed at all the key points in the Tiering workflow for a selected company, including at the time of subscription, from the Relationship Details panel of a company's Overview page, or from the Portfolio page. Configure your third parties into tiers from the following pages: Access Control: Groups Tab If you’re an Admin, use the Groups tab in the Access Control page to enable tiering for groups. Portfolio Risk Matrix Access the Tier Settings page from the Edit Tiers and Thresholds link at the top-right of the Portfolio Risk Matrix. Tier Settings Create, delete, or edit tiers. Set up alerts for tiers. Configure risk thresholds. Vendor Overview Select Edit in the Company Information sheet on the right. API: GET: Tiering Recommendation [/v1/companies/company_guid/tier/recommendation] January 27, 2025: Moved to Risk Program Setup section. January 16, 2024: Added suggested tiers. May 18, 2022: Now available to all TPRM customers. Related articles Portfolio Risk Matrix Tiers Vendor Risk: Assessments What is a Bitsight Security Rating? Finding Behavior Feedback 0 comments Please sign in to leave a comment.