As a Customer, you should evaluate your objectives and decide which tier of assessment makes the most sense for each Third Party. The tier of assessment should be determined by the level of sensitive data that the Third Party may handle, store, or have access to. Once the Impact Questionnaire is completed, ProcessUnity GRX uses the data to calculate an inherent risk rating of Critical, High, Medium, Low, or Nominal.

| Tier | Description | Question Count |
| --- | --- | --- |
| Tier 1 Assessment with Validation | Intended for highest risk third parties only. Extensive and validated examination of a cyber risk program at the sub-control and metric level via strength, coverage and timeliness data. Scores are presented as maturity of control families and effectiveness of sub controls. | Maturity: 35, Total: 1050 |
| Tier 2 Assessment with Validation | Intended for high to medium risk third parties. Robust and validated examination of how a cyber risk program is implemented and managed. Scores are presented as maturity of control families and coverage of sub controls. Coverage alone does not indicate how well a control is implemented. | Maturity: 35, Total: 390 |
| Tier 2 Assessment | Intended for medium to low risk third parties. Robust examination of how a cyber risk program is implemented and managed. Scores are presented as maturity of control families and coverage of sub controls. Coverage alone does not indicate how well a control is implemented. | Maturity: 35, Total: 390 |
| Predictive Assessment | Intended for high to nominal risk third parties. Provides predictions of how a cyber risk program is implemented and managed to enable timely decisions especially in scenarios where the third party may resist requests for an assessment or be significantly delayed in its completion. Scores are presented as coverage of sub controls. | Sub-Control: 220, Total: 220 |