Risk Management: The Power of an Exchange

Once a company has decided to purchase a tool to help manage third-party risk, it faces a few choices based on how software companies are working to streamline and strengthen the process.

One of the primary differentiators for CyberGRX is our exchange model. Rather than maintain a one-to-one relationship between companies and their third parties, we opted to enable a community of risk professionals to work together toward a common goal of decreasing third-party risk.

An exchange empowers this process in many ways for all involved stakeholders, but here are a few of the more important ones:

Become the Destination

A populated exchange becomes the destination for customers and third parties to connect based on a common need to conduct and exchange risk assessment information, perform risk analysis, and perform risk management. The exchange also provides a common vocabulary to enable efficient risk information exchange across diverse users and organizations in order to identify and reduce risk present in their business relationship.

Scale Beyond Constraints

An exchange reduces assessment burden and allows third parties to take a single standardized assessment and share it with their upstream customers, dramatically reducing the effort to respond to multiple assessment requests. This will enable third parties to divert resources to more value-added risk management and mitigation activities rather than responding to assessment requests. Additionally, the exchange enables assessment currency, as a third party can update their assessment responses at any time, providing the latest control improvements to their customers without having to wait for a re-assessment period.

Customers can experience a per-assessment cost reduction, since the cost of an assessment is lowered by being shared across all of the requesting customers. This enables companies to assess more of their third parties and enhances their ability to make risk-based decisions across their third-party ecosystem. Customers also experience reduced time-to-results, since third parties with assessments in the exchange can authorize the sharing of their assessment results instantaneously.

Extend Analysis

Leveraging the data contained within the exchange allows anonymized benchmarking across various groups, such as industry or company size, which can indicate how a company’s security performance stands in relation to its peers. Advanced risk-aware analytics, meanwhile, enables users to perform risk analysis across an ecosystem of third parties by integrating data feeds, attack scenarios, assessment responses, and customer-to-third-party relationship information.

Leverage the Community

Some third parties will frequently reject an assessment request. However, the community enables strength in numbers so companies can virtually band together through assessment orders and influence reluctant third parties to complete and share their assessment results. Further, third parties with assessments in the exchange are more likely to authorize requests for their data since they do not need to complete yet another assessment and can simply authorize access to their results as needed.

The value of an exchange to its users not only increases over time as more participants actively contribute, but the exchange itself can increase in value through integrations and partnerships. Examples of this can include connectors to various systems used by the community to drive action from the outcomes of assessments, integrations with related products that can provide additional data or insights into your risk posture, or additional features enabling users to more easily identify and take action on those risks.

The power of an exchange lies not just in the ease of storing, analyzing, and sharing data in the cloud, but ultimately in the community participating in the exchange.

PETER PRIZIO

DIRECTOR OF PRODUCT