The Fundamentals of Scoring and Reporting

Objective measurement is important for monitoring third-party security performance across the organization. A consistent and easy-to-understand scoring system will improve decision-making, enhance visibility, and demonstrate the value of the program.

ThirdPartyTrust performance metrics are robust and holistic. From the dashboard to the underlying scoring, it is a customizable system of qualitative and quantitative tools to help assess and prioritize risk, as well as manage hundreds of third-party assessments.

A Formula for Understanding Risk

Using pre-built or customized metrics, teams can score the potential impact a third party may have on the business. Metrics include but are not limited to: ease of replacement, criticality of service, number of records and contract size.

The trust score provides an understanding of how trustworthy a third party is, based on information provided by them and data gathered externally. This might include:

  • Questionnaire scores
  • Evidence of certificates and insurances
  • External audits and assessments

The risk score is a fusion of trust and impact and provides a holistic understanding of your dependency on the third party.

Advanced Assessment Scoring

To make customized assessments or industry-standard security questionnaires simpler to analyze, ThirdPartyTrust has created a scoring system to help security analysts understand how a third party has answered important questions.

Both questions and answers are scored for their importance by the security team. The security questionnaire score is then considered in the trust score. All of this happens automatically and can be used to develop a hierarchical scoring framework inside assessments.
