A dynamic assessment approach that supports enterprises and third parties
CyberGRX assessments were designed with practitioners to modernize and streamline redundant and inefficient processes that come with shared and static spreadsheets – for both third parties and their upstream partners. Two of the biggest advantages of the CyberGRX third-party risk assessments:
1. CyberGRX assessments collect data in a structured format
2. CyberGRX provides that data dynamically via an information exchange. The structured format enables organizations to run analytics across collected data so they can derive actionable insights. And dynamic data ensures ordering customers always have up-to-date visibility into their ecosystem while enabling third parties to spend less time manually completing disparate spreadsheets and instead move towards completing one assessment that can be shared with many.
CyberGRX assessments are built on NIST 800-53 v4 and ISO 27001 cybersecurity frameworks and map to many other industry standards. CyberGRX assessments are provided in three tiers, covering low, medium, and high-risk third parties and include corresponding levels of validation – from self-attestation toon-site evidence review–conducted in collaboration with Deloitte.
The assessment features skip-level logic and delegation features, so third parties are only asked relevant questions and can delegate questions to the appropriate departments for greater accuracy. Meanwhile, customers awaiting the completion of a third-party assessment can easily track progress on the CyberGRX dashboard.