CM App: Companies List Ingrid The Companies List (which contains folders, subscriptions, and tiers) allows you to: Get deep insights into portfolio quality. Organize companies into folders or tiers. Share your folders with colleagues. Search for companies affected by vulnerabilities or particular infections. Download portfolio reports, industry ratings, or company ratings. View any company in your portfolio. Identify third party risk that requires review or action with the Action Plan. Navigation Options CM App: Portfolio Risk ➔ Companies List. Select the Download button at the top-right to download your Companies List (.csv). Search Refine your Companies List by using: The context switcher at the top actions bar filter by your portfolio. The search bar at the top-right of the table to search for a company by their name or domain. Apply filters to filter the data in the table. If a company is not yet listed, submit a request to add that company to the Bitsight inventory (company request). Fields ❖ Select the Customize Columns button to customize fields that are included in the table. Field Description Actions Use the Options button to take actions, use reports, or view Bitsight for 4th Party data. Edit Details: Edit the company’s details (company relationship and benchmark). Add to Folder: Add the company to a folder. View Findings: View the company’s findings. View Remediation: See the company’s remediation overview. Add/View Notes: Use company notes. This column cannot be removed. Company The name of the organization. Industry❖ The primary industry sector of the company. Life Cycle The life cycle stage. Primary Domain❖ The main website associated with the organization. Relationship The company relationship. Security Rating A number from 250 - 900 indicating the organization’s security performance. The upper and lower edges of this range are currently reserved for future use. The current achievable range is 300-820. Sub-Industry❖ The more granular industry of the company. Subscription Type How your organization is subscribed to the company. Subscription types dictate the length of access and level of detail. Tier Companies in Tiers, prioritized by inherent risk. Trend A visual representation of the company’s Bitsight Security Ratings during the last year. Filters Use the following filters or select a filter set to refine your search. Filter Description Values Folder Companies in folders, categorized by the importance of the company. Folder name. Tier Prioritize portfolio companies based on their criticality to your organization and their security risk. Tier name. Untiered. Subscription Type Filter by subscription type. Subscription name. Vendor Action Plan The level of action to take. Action plan. Relationship The type of relationship between your organization and a particular company. Relationship type. Life Cycle Stages of a portfolio company’s life cycle in your TPRM program’s operational workflows. Life cycle stage. Security Rating A number between 250 to 900 representing a company’s cybersecurity posture. Security ratings range. Industry The company’s industry. Industry name. Country Companies with at least 1 IP address that geolocates to the selected country. Country name. Rating Type The type of Bitsight Security Rating Report. Curated Automated Private Self-published Risk Vector Grade How a company is performing in particular risk type. Letter grades A through F. Infections Companies affected by selected infections. Malware name. Vulnerabilities Companies that are affected by a particular flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. Vulnerability name or Common Vulnerabilities and Exposures (CVE) identifier. Open Ports Ports that are exposed to the internet. Service type (detected, typical, potentially vulnerable). Port number. Public Disclosures Possible incidents of undesirable access to a company’s data. Incident category: Breach General Other Software Find third parties that are using unsupported software (out-of-date, missing latest vendor updates). They are open to certain security risks until they update. Software support status. Software name. Service Provider Companies that handle or deliver services for other companies, such as web hosting, certificate signing, cloud infrastructure services, and email hosting. Service provider name. Service Provider Companies that handle or deliver services for other companies, such as web hosting, certificate signing, cloud infrastructure services, and email hosting. Service provider name. Product Products provided by a service provider. Product name. Product Type The product's business function. Product type. September 4, 2025: Automated report update. July 28, 2023: “TPRM” app renamed to “Continuous Monitoring.” March 10, 2023: Specified app. April 13, 2022: Filter sets now available. Related articles Continuous Monitoring Application CM App: Portfolio Dashboard Vendor Risk: Remediation TLS/SSL Configuration Findings TLS/SSL Finding Remediation & Remediation Verification Feedback 0 comments Please sign in to leave a comment.