What is the difference between the three Tiers of assessment?

The three Tiers of assessment differ in both the level of due diligence and the validation of evidence.

Tier 1: Our most comprehensive assessment addresses high-risk third parties or vendors who handle extremely sensitive customer data. It includes a long-form vendor questionnaire, followed by a professionally assessed evidence review to validate control maturity and effectiveness.

Tier 2: Our mid-tier assessment is structured for medium-risk third parties. An abbreviated third-party questionnaire is followed by automated validation through a rules engine based on proprietary algorithms to identify inconsistencies in the assessment responses.

Tier 3: Our basic assessment, designed for low-risk third parties, includes a short-form third-party questionnaire followed by self-attestation. 

