Frequently asked questions about Tier 3 Assessment deprecation:
- Why are Tier 3 assessments being deprecated?
- When will Tier 3 assessments be fully deprecated?
- What are the benefits of a Tier 2 assessment over a Tier 3 assessment?
- While I wait for a Tier 2 assessment to be completed, how can I use CyberGRX data to make TPRM decisions?
- What if my third party chooses not to take a Tier 2 assessment?
Why are Tier 3 assessments being deprecated?
As we analyzed the effectiveness of our tiered assessment approach, it was clear that a change is needed to provide both our customers with a deeper depth of data while continuing to support our third parties in effectively communicating their risk reputation.
Using advanced machine learning on our database of over 13,000 attested assessments, we created Predictive Risk Profiles (U.S. Patent Pending) that can answer, with up to 91% accuracy, how a third party would respond to an assessment on a sub-control level similar to our Tier 2 assessments. This solution offers a higher fidelity level of data than a Tier 3 assessment. In addition, this predictive data is available immediately without waiting for assessment completion.
When will Tier 3 assessments be deprecated?
Beginning May 31, 2023, no new Tier 3 assessments can be requested within the platform or from our API. If you have a Tier 3 assessment in progress, it will continue to go through as ordered, while any Tier 3 refreshes that occur after May 31, 2023, will be moved to a Tier 2 assessment.
What are the benefits of a Tier 2 assessment over a Tier 3 assessment?
Tier 2 assessments provide more specificity than a Tier 3 assessment and will help better inform decisions from a security perspective. The Tier 2 assessment questions don’t just ask more questions about whether you do a particular action but ask how you do it. Moving from a basic question to a more detailed one provides an answer which drives a better understanding of a control’s coverage to offer more confidence in your insights and findings.
While I wait for a Tier 2 assessment to be completed, how can I use CyberGRX data to make TPRM decisions?
Customers can leverage the power of CyberGRX’s Predictive Risk Profiles (U.S. Patent Pending), with up to 91% accuracy, on any vendor. The fidelity of our predictive data is on par with or surpasses that of a Tier 3 assessment, so your organization can benefit from quality data immediately with no delay in your decision-making.
What if my third party chooses not to take a Tier 2 assessment?
All existing Tier 3 assessments will remain in the Exchange until May 31, 2024. If a Tier 2 assessment is not completed by May 31, 2024, we will supplement our Predictive Risk Profile (U.S. Patent Pending) with up to 91% accuracy in its place.