The validation process requires Third Parties to share sensitive, cyber-relevant information with CyberGRX Analysts. For this reason, we offer several formats for sharing of evidence artifacts. We have found that the most efficient formats for validation are:
- Evidence In Platform: The Third Party utilizes the evidence upload feature within the CyberGRX Exchange. Learn more about this process here: CyberGRX Evidence in Platform.
- Document Sharing: The Third Party uploads evidence artifacts to their preferred cloud-hosted document sharing platform. Please provide access to all of your assigned Analysts for evidence review and quality checks.
- Web Conference: The Third Party’s internal security policies may prevent them from uploading evidence artifacts. CyberGRX Analysts are happy to schedule a web conference to observe evidence artifacts online, without taking possession of the artifacts directly. Web validation also does not use screen captures or recordings.
- *On-site validation is suspended indefinitely* In rare circumstances CyberGRX Analysts may travel on-site to perform validation. The validation process and standards do not change if validation is conducted on-site. On-site validation incurs additional logistical challenges and increased cost but does not change the insights gained from the validation process.