Request Placement Prerequisites
Once a Third Party has been prioritized for requesting, you’ll need to be prepare the following:
1. Third Party Contact Information
- The name and email address of your Third Party contact.
- This person will need to verify the relationship between your organization and the Third Party. They will then route your CyberGRX assessment request to the appropriate security contacts for completion.
2. Third Party Introductory Email
- It’s strongly recommended that your Third Party contact receives an introductory email from you in advance of hearing from CyberGRX. This initial contact validates the request and makes the Third Party much more likely to be responsive to CyberGRX.
- Example template:
Welcome to the [BUSINESS NAME] Vendor Security Assessment Program.
The purpose of this program is to reduce the risk posed to [BUSINESS] by our vendors. Properly managing our vendors is critical given the increasing instances of companies being compromised through their service providers.
This assessment is completed by you, our vendor, and should reflect the controls within your organization (and any subcontractors). However, the assessment itself should be scoped to your entire organization, not to [BUSINESS] specifically.
CyberGRX has been retained to perform this assessment. They will be reaching out to you directly to initiate the process.
Upon completion, your organization will be able to share this assessment when future assessment requests are received, saving your organization the time and effort that is typically required to fulfill multiple assessment requests.
Please reply when your CyberGRX assessment is finished, or if you have any questions about the process.
3. Add Third Party to Your Portfolio
- New third parties can be added at any time on an ad hoc basis by using the Add Company button on the Third Party Portfolio tab – or in bulk by emailing Third Party names and URLs in list form to your Customer Success Manager.
- Encountering duplicates in the Add Company list results is common. We recommend selecting third parties that match the URL and location of your vendor and are marked as being in the exchange and/or having an available assessment. Choose the one that already has something available.
- Simply click the Add Company button found next to your desired Third Party record to add that Third Party to your portfolio.
Placing Assessment Requests
Once you’ve decided which Third Party to request an assessment for, and you’ve completed the aforementioned request prerequisites, follow these steps:
1. Click the Request Data button next to your Third Party’s name in the Portfolio Management tab.
2. Fill in the required Add Request Recipient. Then click Add Contact.
3. Select the desired Tier and Confirm.
5. Click Go To Portfolio.