
Leveraging exchange model for managing third parties

A scalable approach to third party cyber risk assessment

CyberGRC Process

Automated assessments via exchange model and risk assessment as a service

Assess once, share many times. CyberGRX is a community model where third parties can complete one comprehensive risk-based assessment and share it via an exchange. With CyberGRX, assessments can be accessed instantly, which drives down delivery times drastically. If a third party is not in the exchange, CyberGRX deploys human capital and its SaaS platform to manage new third parties through the completion of a new assessment. The CyberGRX model accelerates assessment completion and brings efficiency to risk management, allowing you to make confident decisions.

Analytics Driven Platform

With an end-to-end platform, the business receives real-time updates on the progress of assessments. Custom dashboards and reporting deliver timely updates and notifications to relevant stakeholders. Analytics drive guidance on third-party criticality as well as automated guidance on remediation via kill chain modeling.

Inherent Risk Assessment

Across the portfolio of third parties, the CyberGRX solution can provide a view of inherent risk based on threat intelligence and the contextual relationship between the client and the third party.

Visually enhanced interface

  • Assessment Progress Reporting
  • Skip level Style Questionnaire
  • Bi-directional API
  • Remediation Guidance
  • Benchmarking

Crowdsourcing Response to ‘Impact’ Questions

CyberGRX estimates the ‘impact’ of a cyber event to a customer simply by asking questions of criticality across eight metrics. Because these eight questions are answered for the same third parties by other exchange members, we crowdsource responses with the assumption that your utilisation of them might be similar. Where user-entered data is not available for a specific vendor, the answers will be based on an industry default.

Multi tiered assessment approach

CyberGRX provides three tiers of assessment to provide the appropriate level of due diligence for the risks posed by each third party. Additionally, there are various options for validating the assessment, ranging from automated (rules engine and scanning) to remote or onsite validation (a human reviewing actual artifacts like pen tests, SOC reports, screenshots, etc.).

Tier 1 Self-Assessment; Onsite or Remote Validation:
Our most comprehensive self-assessment, typically ordered on Critical risk third parties, is used to gain a vendor’s assertion that controls and subcontrols are in place, while the validation exercise includes evidence collection to validate their assertions.

Tier 2 Self-Assessment; Remote Validation:
Our mid-tier self-assessment is generally ordered on High risk third parties. This assessment is used to gain a vendor’s assertion that controls and subcontrols are in place and that the third party can prove their assertions.

Tier 2 Self-Assessment: Automated Validation (Auto)
Our mid-tier self-assessment is generally ordered on High risk third parties. This assessment is used to gain a vendor’s assertion that controls and subcontrols are in place and that the third party can prove their assertions.

Tier 3 Self-Assessment: Automated Validation (Auto)
This is our lowest-tier self-assessment and is generally ordered on low risk third parties.

Conquer the Chaos. Be Cyber Certain.