Collaboration Outreach Workflow

Refer to this workflow to invite your third parties to collaborate via the Client/Vendor Access Program.

How to send an EVA

1. Select a Vendor
2. Send an Invite
3. Collaboration
4. Extend Access

For any questions or comments on any part of this workflow, please contact Bitsight Customer Success.

1 – Select a Vendor

Select a vendor you would like to collaborate with and enroll in the Client/Vendor Access Program. If a vendor is not available in the Bitsight inventory, submit a company request to have them added to our inventory.

2 – Send an Invite

While viewing the vendor’s Vendor Overview page [ Vendor Risk ➔ Overview ➔ Vendor Access ➔ Enable Vendor Access].

If the recipient is not responsive, refer to Common Challenges with Access Request Invitations.

Sending an invite issues two emails:

• An introductory email to establish credibility and trust between you (the sender) and the recipient.
• An activation email that includes an activation link to access the Bitsight platform. This is sent to only the recipient for privacy.

Invitation Details

The invitation form contains the following items:

* Required.

Section: Details

Details of the collaboration outreach.

Collaboration Reason

* Required.

The reason for the request.

• Informational: Provide general information on Bitsight and Bitsight Security Ratings.
• Remediation: Address concerning areas of risk in the recipient’s current rating.
• Validation: Validate topics of interest, such as ensuring the infrastructure best represents the organizations, determining the impact of data for review, etc.
• Other: Unspecified reason.

Message

Any additional details regarding your collaboration outreach.

Items for Review

Supporting data can be shared as context for your collaboration outreach, which provides a starting point for discussions around how they can address the security issues that are most important to your organization.

Select up to 10 of a vendor’s findings. The associated risk vector will be selected in the Items for Review field of the invitation form. Findings can be selected from the following areas:

• Assessment Reports
• Findings
• Security Ratings Changes: Select the Share button while viewing changes to your third party’s security posture from the Security Ratings panel and highlights.

IP addresses are hidden from the sender for privacy. The introductory email includes the revealed IP addresses of relevant findings.

Section: Recipients

Recipients of the introductory email.

* Required.

Company Assigned Recipient

* Required.

This vendor has assigned a user as their collaboration contact to receive invitations. To respect the privacy of this user, their user details (name, email, etc.) are not available.

Additional Recipient

If the vendor has not assigned a collaboration contact, you can enter the following information:

• Contact’s Email
• Contact’s Full Name

Assign CCs

CC additional contacts on the introductory email. They don’t need to be part of the recipient’s organization or have access to the Bitsight platform. They do not receive an activation email. Include:

• Contact’s Email
• Contact’s Full Name

CC Bitsight users

CC users in your organization on the introductory email. They do not receive an activation email.

3 – Collaboration

Engage with recipients if they haven't gotten set up yet. After they've activated their account, work with your contact to help them understand their security rating.

• Use features like finding comments and messaging to communicate where they should focus their attention.
• Check in on the status of your requests from the Collaboration Outbox [ Collaboration] or Enable Vendor Access card in your Portfolio Dashboard.

4 – Extend Access

Full access is given to the recipient for 45 days. After 45 days, they get core access. Should the recipient require more time with full access, you can send them another invite to give them a 45-day extension.