We’re closing a year full of growth by taking a look at the most notable ThirdPartyTrust feature releases of 2020. Despite the challenges this year posed for our industry (and the world), our platform continued to incorporate new features to make third-party risk management easier for enterprises and their vendors. This blog post looks at the main product releases of the year.
We’d also like to acknowledge some achievements. On average, across our entire customer base, this year we have reduced due diligence workload by 75% for vendors, who appreciate the ability to centralize all their questionnaires, certifications and attestations, and simply share their security profile with customers instead of starting from scratch on every security request.
At the same time, we helped organizations across several industries reduce their assessment turnaround from an average of 15 days to an average of 2 days, by means of workflow automation and streamlined communication with third parties. You can learn more about these achievements in our Case Study library.
ThirdPartyTrust Feature Releases in 2020
You might already know that our platform serves both enterprises performing third-party risk assessments (Enterprise offering) and third parties responding to due diligence requests (Beacon offering). This allows us to help organizations reduce the redundancies and inefficiencies involved in both sides of third-party risk assessments.
Let’s explore all feature releases of 2020. If you’re not using ThirdPartyTrust yet, we hope this makes you want to try it!
New Questionnaires: AWS, CCPA, SIG Lite 2021 and SIG Core 2021
The new AWS Security Core Assessment Toolkit introduced to our platform assesses the AWS security configurations of your vendors and your own AWS instances. It was developed by RiskRecon in conjunction with Stratum Security, and added to the ThirdPartyTrust platform by means of our RiskRecon integration.
The California Consumer Privacy Act (CCPA) Readiness Assessment evaluates whether third parties are ready to address the accessing and processing of personal information of California residents.
Furthermore, BITS SIG Lite 2021 and BITS SIG Core 2021 are now available in ThirdPartyTrust. The Standardized Information Gathering (SIG) Questionnaire Tools allow organizations to build, customize, analyze and store vendor questionnaires. Built on best practices, they provide standardization and efficiency in performing third-party risk assessments.
Our Scans tab shows a combination of cybersecurity ratings that describe the strength of an organization’s security posture, based on a calculated score. We have several partners who supply this information to our platform for a 360°, integrated view of the vendor ecosystem.
Here’s what’s new.
RiskRecon Community View now available to ThirdPartyTrust users
The RiskRecon Community View is now available to ThirdPartyTrust users, so API integration is no longer needed. This provides a strong indicator of vendor performance, enabling you to prioritize assessment resources towards the lower performing vendors and away from the high performing ones.
Introducing Privacy Score by Osano
Osano provides a privacy score for vendors, while monitoring any changes to their privacy policies to reassess and update the rank as applicable.
Introducing BlueVoyant Scores
BlueVoyant integrates technology, intelligence, and expertise to help organizations obtain clear visibility into cybersecurity risks across their vendor ecosystem by proactively identifying, prioritizing, and managing remediations through direct communications with impacted vendors.
If you have a subscription with BlueVoyant, you can now integrate with them in ThirdPartyTrust and pull their data into our dashboard.
BitSight Integration: New Features
ThirdPartyTrust seamlessly integrates BitSight’s continuous monitoring and threat intelligence data into the platform to provide the most robust dataset on the market for making vendor risk decisions. Combining data and workflow automation functionality makes it easier to assess and monitor any third-party’s security posture.
As part of our long-standing integration, we have introduced some new features for those that have a BitSight subscription.
1. The ability to select a BitSight subscription type: Continuous Monitoring or Alerts Only
ThirdPartyTrust is the only TPRM workflow platform where customers can subscribe to and switch between “alerts only” and “continuous monitoring” licenses in-app.
2. Trendline for “Alerts Only” licenses
Users can now see a company’s security ratings trend for the past 12 months, which gives a quick view of their highest and lowest points. See the example below.
3. Introducing BitSight Findings
We’ve introduced the capability to open findings on a BitSight report by simply clicking a “Create Finding” button and selecting a criticality. This triggers an email to the vendor the following day, so they can take care of the gap or action item.
More options to get a sense of the trustworthiness of your vendors even before connecting with them: RiskRecon and BitSight can now be used in the trust score calculation.
Timestamp for vendor assurance review
When your vendors provide assurances, such as Cyber Liability Insurance, a Penetration Test, or a SOC 2 Type II, you can go through them and click the “Set as Reviewed” button. This will add a timestamp including the reviewer, date, and time for future reference.
Display the Questionnaire Score that includes Findings deductions
The ThirdPartyTrust dashboard shows three important metrics about vendors: the Risk Score, the Impact Score, and the Trust Score. When creating a finding in a questionnaire, the Trust Score is directly impacted.
This new setting allows you to see what the questionnaire score would be with the finding points deducted.
The deduction is displayed in the questionnaire each time you create a finding, and the score will be updated accordingly.
Shareable Custom Questionnaires
Apart from centralizing and sharing all their standard questionnaires, as of 2020 Beacon customers can also create custom questionnaires, answer them, and have them become part of their security profile.
This saves a lot of time and effort, as companies can securely share a single security profile, and avoid starting from scratch on every customer security assessment.
Don’t just take our word for it: read the Vertafore and Netskope case studies to understand how Beacon can help you reduce due diligence workload by 75%.
Adding Comments to Scans
Our Scans tab shows the results of third-party risk intelligence and daily monitoring, providing key metrics and changes on third-party relationships.
We have now added the possibility for vendors to comment on their scans, so they can provide their input, background or additional information regarding the ratings that the partner scan provider has reported on. This constitutes one more step towards fluent communication.
Marking Assurances as Not Available in Bulk
ThirdPartyTrust Enterprise customers can create grouped requirements, in which any of the assurances listed are required. Now, vendors can mark them all as not available by simply clicking the group’s red “x” icon.
This might seem a small UI improvement, but it means a lot of time saved! With this same logic, we added the possibility for vendors to indicate that they do not have Certifications, Insurances or Audits by marking them as not available using just one button. If they do, a modal window will pop open, where the vendor can enter their explanation.
As our Product Manager put it:
To learn more about how ThirdPartyTrust can help you streamline your TPRM program, request your free trial now: