Brinqa & BitSight

An Innovative New Approach to Continuous Vendor Risk Management through Data-driven Security Ratings

BitSight Security Ratings for Vendor Risk Management provide organizations with continuous, data-driven measurements of security performance on third parties. These ratings enable organizations to measure the effectiveness of security controls within the networks of their third party vendors or suppliers.

The integrated BitSight and Brinqa solution for Vendor Risk Management is the first of its kind to combine previously disparate aspects of a vendor’s evaluation and rating to provide a perspective on vendor management that is uniquely comprehensive. Benefits include:

The Complete Picture

The integrated solution considers all aspects of a vendor’s profile and its usage within the organization. Risk classifications established in Brinqa take into account the inherent nature of the vendor, its unique place in the organization’s business hierarchy and how it is engaged within the organization. The subsequent control assessments conducted reflect all classification considerations and represent the exact control implementation expectations governed by these considerations. BitSight Security Ratings provide a truly objective representation of the vendor’s security posture. The combination of the two results in a representation of the vendor that is unique to the vendor’s impact to the organization while at the same time grounded in facts.

Formal but Agile

Brinqa Vendor Risk Management puts forth a formal structure to evaluate vendors on an ongoing and periodic basis including roles and responsibilities, optimal information flow models and scoring and rating mechanisms. The formal model is enhanced with daily BitSight Security Ratings to provide continuous, objective monitoring.

Automated Comprehensive Validation

Organizations spend considerable time, resources and money in an effort to validate the control measures represented by vendor responses to control assessments. Even after incurring these costs, validation covers a small fraction of the assessment scope. Detailed BitSight external compromise and diligence rating vectors provide the most extensive platform for validating the widest variety of vendor controls in an automated manner.

Unified Governance

The integrated solution provides a central platform for analysis, rating and governance of all threats and gaps, whether identified internally or externally. The common medium promotes the understanding and addressing of gaps that are otherwise hidden under layers of complicated security data.

About BitSight

BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums. Based in Cambridge, MA, BitSight is backed by the National Science Foundation, Commonwealth Capital Ventures, Flybridge Capital Partners, Globespan Capital Partners, and Menlo Ventures. For more information, please visit or follow @BitSight on Twitter.