Framework Intelligence (FI) in Bitsight VRM helps you quickly evaluate a vendor’s alignment with industry security standards by analyzing their documentation. VRM allows you to generate FI assessments using vendor documentation already available in your account and review the resulting compliance insights.
FI uses AI to read vendor documents, identify relevant evidence, and match that evidence to the controls of an assessment framework. This provides a fast, consistent way to understand how well a vendor’s security practices meet your requirements. Documents are processed securely and are deleted immediately after the assessment completes.
Creating Framework Intelligence Assessments in VRM
Framework Intelligence assessments are created directly from the Vendor Profile. This ensures that each assessment is always tied to a specific vendor and allows you to use the documentation already associated with that vendor.
Vendor Eligibility
Only vendors that have a mapped Bitsight company can support FI assessments. If a vendor does not have a mapped Bitsight company, the menu option Framework Intelligence will not appear in the Vendor Profile.
Vendor Profile
Accessible under Vendor Profile → Framework Intelligence.
This view shows all FI assessments related to a specific vendor and allows you to create additional assessments in that vendor’s context. VRM guides you through a step-by-step wizard designed to streamline the process.
Step 1: Select a Framework
Choose which framework you want FI to use when evaluating the vendor’s documentation.
FI will map evidence from the vendor files to the requirements in that framework during processing.
Step 2: Select Vendor Documents
Choose the documents you want FI to analyze as part of the assessment. VRM brings together all files available for that vendor so you can easily reuse existing materials without needing to request or upload duplicates. This includes:
- Internal documents your team has uploaded
- Vendor-shared documents, whether they were shared previously or provided during an ongoing assessment
- Security profile artifacts shared by the vendor through their profile
All document types appear in a unified list organized by source (e.g., audits, insurances, certifications, internal documents). Unsupported file types appear greyed out for transparency. FI processes files up to the supported size and page limits.
Step 3: Review and Confirm
Before running the assessment, VRM shows a summary of all your selections so you can ensure the setup is correct.
Step 4: Run the Assessment
Once submitted, you’ll see the assessment progress. FI uses AI to parse the content of the selected documents and identify evidence that matches the framework’s controls. The results are delivered as soon as the analysis finishes.
Analyzing FI Assessment Results
Results are displayed through the Assessment Details View, which matches the structure used in Continuous Monitoring (more details here).
Each assessment includes:
- A summary of the framework and overall compliance level
- The list of framework controls
- Compliance Status (Compliant, Not Compliant, Needs Review) based on the evidence found
- Evidence counts for each control
- Risk vectors mapped to each control
You can filter or search within the control list to focus on specific requirements.
Viewing Previously Run FI Assessments
You can revisit past FI assessments at any time:
- Under Vendors → Framework Intelligence, you’ll find all FI assessments across all vendors available to you.
- Under Vendor Profile → Framework Intelligence, you’ll see all FI assessments associated with that specific vendor. Each assessment is clickable and opens into the full Assessment Details View.
Summary
With FI integrated into VRM, customers can generate assessments for vendors and fully leverage the documentation already stored in their VRM application—including internal documents, vendor-shared files, and security profile artifacts.
By consolidating FI assessments within VRM, customers benefit from a more streamlined assessment process, stronger performance visibility across their vendor portfolio, and faster access to meaningful compliance insights.