The Fundamentals of Scoring and Reporting

Objective measurement is important for monitoring vendor security performance, especially when you have a wide variety of vendors throughout the organization. Keeping a consistent and easy-to-understand scoring system will improve decision-making, enhance visibility, and demonstrate the value of the vendor security program to the organization.

ThirdPartyTrust performance metrics are robust and holistic. From the dashboard to the underlying scoring, it is a customizable system to support methodologies for detailed risk assessments. Qualitative and quantitative tools help assess and prioritize risk, as well as manage hundreds of vendor assessments.


A Formula for Understanding Risk

ThirdPartyTrust business impact scoring is simple. Using pre-built or customized metrics, teams can score the potential impact a vendor may have on the business. Metrics include, but are not limited to, ease of replacement, criticality of service, number of records, and contract size.

The trust score is calculated to show how trustworthy a vendor is, based on information provided by the vendor and data gathered externally. Scores can be adjusted for cause. Information provided by the vendor includes:

    • Questionnaire scores
    • Evidence of certificates and insurances
    • External audits and assessments

The risk score is a fusion of trust and impact and provides a holistic understanding of your dependency on the third party.

Advanced Assessment Scoring

To make customized assessments or industry standard security questionnaires simpler to analyze, ThirdPartyTrust has created a scoring system to help security analysts understand how a vendor has answered important questions.

To begin, both questions and answers are scored for their importance by the security team. For example, if a question addresses encryption and the team feels this is an important question, then the answer to that question will have a stronger influence on the security questionnaire score than others. The security questionnaire score is then considered in the trust score. All of this scoring happens automatically and can be used to develop a robust hierarchical weighted scoring framework inside assessments.

“Also, a nice dashboard showing us at a glance, our vendors and their risk posture throughout our organization.”

Information Business Liaison, Trustmark Companies
