We understand that our customers have limited budgets, so we want to ensure you are directing your resources where they are needed most. 

With a focus on both breadth and depth, CyberGRX allows you to upload your entire third-party portfolio, use data to prioritize your low, medium, and high-risk vendors, and then focus your budget and resources on managing your most critical vendors. With this method, you can feel confident that you have eyes on every vendor while concentrating your efforts on the riskiest vendors using in-depth tools to remediate or mitigate vulnerabilities. Our model helps you “right-size” your TPRM program, both in managing your risks and where to spend your resources.

Our model is designed to provide your TPRM program with the appropriate breadth of resources to gain portfolio-wide visibility while giving you the depth of data necessary to secure against your riskiest vendors. All customers begin with building a Third-Party Portfolio (TPP) offered at a flat fee based on the number of third parties in your portfolio. Then, once you understand the risk inside your portfolio, you choose which vendors to move into Third Parties Under Management (TPUM), gaining access to robust data sets to help you make informed risk decisions.

In the Third-Party Portfolio (TPP) tier, you immediately gain access to the following features:

• Portfolio Management - A centralized dashboard to monitor assessment status and view critical Exchange information regarding the vendors in your portfolio.
• Auto-Inherent Risk - A risk ranking and prioritization feature to help you understand which vendors in your portfolio pose low, medium, and high exposure based on your relationship with the vendor.
• Portfolio Risk Findings - Select a framework of choice and uncover which vendors are the poorest performers or which unmet controls have the highest number of vendors. 
• Risk Monitoring and Alerting - Receive near real-time alerts for vendors whose vulnerabilities are at risk with special reporting that allows you to begin mitigation.

In the Third Parties Under Management (TPUM) tier, you gain access to the following features:

• Attack Scenario Analytics - Use attested or predictive data to understand any vendor’s level of risk when compared to key security categories of the MITRE ATT&CK™ framework and discover potential areas of vulnerability.
• Framework Mapper - Measure any vendor in your portfolio against a library of frameworks, industry, or cyber threat profiles to uncover specific gapped controls and begin remediation tactics. 
• Attested Data - Drastically reduce the number of assessments you request by accessing the world’s largest third-party cyber risk Exchange, comprised of over 14,000 attested assessments and over 85% of the most requested third parties.
• Predictive Data - Stop assessment chasing and accelerate your decisions with Predictive Risk Profiles (US Patent Pending). Predictive data, with an accuracy rate of up to 91%, is especially beneficial for vendors who do not have an attested assessment or are low-risk and don’t require deeper evaluation.

While you can move new vendors under management as needed, swapping in and out of TPUMs is unavailable.

Great question! Simply complete the form above, and a sales representative will reach out to book a convenient time to connect.