Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Vendor Risk: Overview [Legacy]

Avatar
Ingrid
Follow
  • September 19, 2023: Vendor Risk: Overview now available.
  • November 21, 2022: Added Company Access, Reports and Assessments, and Actions.
  • November 15, 2022: Enhanced Ratings now available.

Vendor Risk: Overview now available.

The Vendor Overview page in the Vendor Risk menu provides an overview of the company and their Bitsight Security Rating data.

CM App: Vendor Risk ➔ Overview

Panels

Use the context switcher to select from one of your subscribed or your most recently viewed companies. The data on the Overview page synced to the selected company.

Panel Description
Rating

This company’s rating information.
Rating Related Risk Quickly assess the risk of a ransomware or data breach incident at this company.
Company Info

This company’s information, including:

  • A description of the company, which can include their overall business, services, and headquarter location.
  • Homepage: The company’s primary home webpage.
  • Industry: The industry of this company.
  • Monitored by: The number of distinct Bitsight customers that currently have this company in their portfolios. This number includes the current customer if they are looking at the Monitoring Count for their My Company. If the Monitoring Count is 1, no other customers subscribe to this company.
Security Ratings & Highlights A 1-year history of this company’s Bitsight Security Rating and rating highlights.
Relationship Details The relationship details between this company and your organization.
Bitsight for 4th Party If you are subscribed with Bitsight for 4th Party Risk Management, the following 4th Party information is displayed:
  Top Service Providers Service providers with the highest number of companies in your portfolio that depend on them.
Top Products Products with the highest number of companies in your portfolio who are using them.
4th Party Public Disclosures

Recent Public Disclosures affecting your 4th parties.

Select the Options button at the top-right to configure the date range:

  • 7 Days
  • 30 Days
  • 90 Days
Action Plan Automatically groups third parties into actionable phases based on criticality (defined by tier) and security risk (rating category). It also provides a Risk Summary based on the company’s Life Cycle Stage.
Life Cycle Stage Provides the guidance and context needed to support informed decision making - during the Onboarding, Monitoring, and Re-Assessment stages.
Rating Overview A summary of how well this company is managing each risk vector.
Infections Infections within this company, which are when devices or machines in an organization’s network show symptoms of malicious or unwanted software.
Confirmed Vulnerabilities Vulnerabilities within this company, which is a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
Compromised Systems This company’s Compromised Systems details from this week, the past year, and their average event duration. Select View Details to view their Compromised Systems finding details.
Remediation Strategy Highlights findings that have had the highest impact on the company’s security rating during the last 60 days.
Diligence The company’s Diligence details during the last 60 days. Select View Details to view their Diligence finding details.
Network Footprint A map of the company’s global network footprint.

Company Access

Use the Company Access button at the top-right to invite the selected organization to collaborate via the Enable Access Program or view previous collaboration.

Reports and Assessments

Select Reports and Assessments at the top-right to download any of your assessments and the following reports:

Report Description
Company Overview Get an overview of your security performance, a summary of the findings, and comparisons to industry averages.
Company Preview Compare a selected organization to its industry peers and provides indications for how the organization is performing in relation to the risk vectors during the last quarter.
ISO/IEC 27001 Get a high-level summary of your compliance with ISO/IEC 27001:2013 using security ratings, risk vectors, and data as supporting evidence for compliance.
NIST CSF Get a high-level summary of your compliance with the US National Institute of Standards and Technology's cybersecurity Framework using our risk vectors and existing data as evidence.
Risk Summary Highlights the worst performing, critical areas for this company relative to Bitsight-recommended peers.

Actions

Use the Actions dropdown at the top-right to complete any of the following actions:

Action Description
Add/View Notes Access your company notes about this company.
Compare Do a comparison for this company.
Add to Folder Add this company to a folder.
Edit Tier Edit this company’s tier.
Unsubscribe Unsubscribe from this company.
Service Providers See this company’s service providers.
Products See products used by this company.

Related articles