Released Q4 2020
Privacy Controls Content Enhancements: The CyberGRX Assessment has been expanded to include enhanced privacy controls to help you meet third-party regulatory requirements. These privacy controls are especially relevant when data is shared with third parties, and this updated content focuses on core privacy principles such as identification, governance, control, communication, and the protection of privacy data based on standard frameworks like NIST 800 and CSF for Privacy. The enhanced privacy controls content of the assessment allows CyberGRX to provide comprehensive coverage for increasingly global privacy regulations. Click here to watch the on-demand webinar.
Framework Mapper: Quickly and easily map your third-party’s security controls across industry-standard frameworks (NIST 800/CSF, PCI-DSS, HIPAA, NERC, etc.) or map to your organization’s custom framework. CyberGRX’s structured dataset allows standard input and custom output. Once mapped, custom frameworks can be applied to any vendor within your portfolio.
Validated Controls Results in Platform: A new component within the assessment results on the Vendor Profile page displays the list of controls reviewed during the validation phase and the outcome of that review process (i.e., Validated or Not Validated). This component will also serve as an additional UI indicator that the validation phase is still in progress when non-validated results are available.
"You’ve Been Added to a Portfolio" Widget: Third parties now have visibility into which customers on the Exchange have added them to their portfolio. Third-party users with appropriate user roles are alerted each time a customer adds them to their portfolio via email and with an in-platform notification. Third parties can also view the latest five customers who added them from the widget on their Manage My Company Profile page or a complete list in their Customer Portfolio Table. Increasing the third-parties’ visibility to these relationships aims to strengthen the Exchange, improve the third-party experience, and drive the assessment progress.
Improved Platform User Roles: The platform now offers more intuitive and granular user roles that clearly align with specific platform activities, including the required steps around the assessment lifecycle. Multiple people can be assigned to each role and event-based notifications will be tied to these roles to ensure all stakeholders have visibility to relevant communications. This removes the risk of a single point of failure for account users for both customers and third parties using the CyberGRX platform.
New User Management Page: With a more efficient workflow and a sleek, easy-to-read design, the User Management page now clearly displays each user’s information, platform role, last login and user-state (Active, Inactive or Pending). These changes aim to enhance account management and provide Account Administrators better visibility into user activity as well as to the invitations sent to others within their organization.
Streamlined Third Party Profile Agreement (TPPA) User Flow: Third parties can now start their assessment without signing the TPPA. The TPPA is required at time of final submit, and can be signed at any time during the questionnaire user flow. This change allows third parties to better understand the platform and the Exchange before signing and will remove this step as a blocker to assessment progress, potentially shortening the time required to deliver assessments.
End-to-end Automation of the Assessment Process: New vendors are now on-boarded to the platform, able to register and claim their company on the Exchange, and can complete an assessment without any manual intervention from CyberGRX. The entire assessment experience has been reimagined starting with an automated kick-off email triggered by a customer order which now includes a forward-able registration link to ensure the correct third-party resource has access to the platform. Once in the platform, third-party users can provide information about their company, access the CyberGRX console, and begin the assessment process. This improves the third-party experience, reduces lags due to manual steps in the assessment lifecycle, and allows us to deliver value to customers and third parties in a timelier manner.