- May 18, 2022: Now available to all TPRM customers.
- January 13, 2021: Relationship Details combined with Company Info when viewing your My Company or SPM Subsidiary.
- November 11, 2021: Added navigational instructions for the Continuous Monitoring application.
Tiering is one of the first steps in the TPRM process and it sets the stage for everything that follows.
This feature is available to all TPRM customers.
- Apply global or group tiers.
- Global Tiers: All companies for all users.
- Group Tiers: Set up tiers that are specific to Access Control Groups.
- Configure up to 5 tiers with custom names and descriptions.
- Configure companies in your portfolio into tiers.
- Assign an assessment to a tier.
The Tier Settings page (formerly known as “Manage Tiers”) allows you to set risk thresholds for your tiers, as visually depicted by the Portfolio Risk Matrix.
Navigation Options
CM App: Risk Program Setup ➔ Tier Settings
Refer to the /tiers API endpoint to configure tiers via the Bitsight API.
Creating Tiers
Use the Create Tier link below the tiers to create a new tier. There can be up to 5 tiers.
Click and drag a tier to re-order tiers from highest to lowest criticality and security risk.
To set up group tiers, an Admin must enable the Company Details option for your group from the Groups tab. The Manage Group Tiers/Restore Global Tiers button will then be available at the top-right of the Tier Settings page. Once tiers are set up, the Portfolio Risk Matrix is automatically displayed in your dashboard.
Adding Companies Into Tiers
To add (or remove) a company to a tier:
- Use the Companies List page to search for companies to edit.
- Edit from the Relationship Details panel.
Tier Options
Select 
Options to edit a tier, delete a tier, configure alerts for a tier, or assign an assessment to a tier.
| Option | Description | |
|---|---|---|
| Edit Tier | Edit the tier details, set risk thresholds, and assign assessment. | |
| Tier Details |
Edit the name and description of the tier or add companies to the tier. A company can be assigned to one tier at a time. You can also add companies in bulk using the provided |
|
| Risk Thresholds | Set the security rating risk thresholds for companies in this tier to determine the tier’s position in the Action Plan. | |
| Assessment | Select an uploaded assessment to automatically associate with companies in this tier. | |
| Delete Tier | Delete a tier. | |
| Configure Alerts | Configure alerts for a tier. | |
Tier Recommender
The tier recommender helps make intelligent decisions around tiering and makes the process of onboarding new vendors to your Third Party Risk Management (TPRM) program faster.
Tier recommendations are based on the following data sets:
- Insights into network intelligence via the Bitsight inventory.
- Leverages machine learning to provide insight into the best practices of over 30k tiered companies (and growing). Combined, we’re able to bring intelligent recommendations to the vendor tiering process with a model that gets better and smarter over time.
Recommendations can be accessed if you have tiers set up for your account. They can be accessed at all the key points in the Tiering workflow for a selected company, including at the time of subscription, from the Relationship Details panel of their Overview page, or from the Portfolio page.
Configure your third parties into tiers from the following pages:
| Page | Description |
|---|---|
| Access Control: Groups Tab | If you’re an Admin, use the Groups tab in the Access Control page to enable tiering for groups. |
| Portfolio Risk Matrix | Access the Tier Settings page from the Edit Tiers and Thresholds link at the top-right of the Portfolio Risk Matrix. |
| Tier Settings |
|
| Vendor Overview | From a company’s Vendor Overview page, select the Edit button in their Relationship Details panel to assign the selected company to a tier. |