Use Action Plans to collaborate with your vendors on security improvements

Action Plans are now available to all SecurityScorecard customers and can be accessed from a Scorecard or Core Tools.

If you are assessing a vendor who is not meeting your security expectations or requirements, or if you want them to improve their security posture, give them an Action Plan.

How Action Plans work

You can quickly design Action Plans to have your vendors make improvements by your specified deadline in the following areas:

• Overall security score and letter grade
• Scores for specific factors, such as DNS Health or Application Security 
• Resolution of specific issues (The objective of this plan is not necessarily a higher score. The intent is to target issues, such as those with higher severity.)

When you design and send the plan, SecurityScorecard sends your vendor contact an email on your behalf, briefly explaining the plan's purpose and objective, and providing background information about SecurityScorecard.

If the vendor has a SecurityScorecard account, they can log in to the platform and start working on the plan. 

If the vendor does not have an account, the email provides them a link to create a free account and then proceeding to the plan.

You and the vendor can track progress and communicate directly through the platform. Each time one of you sends a message, the recipient gets an email notification.

Note: If you remove a vendor from your Portfolio, any Action Plan you created for that vendor is still visible for you and them.

Also, while any user can send an Action Plan to a vendor, that plan can only be seen by the user to whom it was sent, not by everyone in their organization. 

You also can change the scope of the plan any time.

When the vendor completes all the action items in the plan, it is marked Complete. 

Create an Action Plan

1. Use one of the following paths to start creating a plan:

• • In the Scorecard header, click Create Action Plan.
    
    
    
    
  • Select Action Plans from the Core Tools menu in the top navigation.
    
    
    
    

2. On the Action Plans page, click Create plan.
   
   
   
   
3. In the plan creation form, select the organization you want to execute the plan.
   
   
   
   
4. Name the plan.
   
   
   
   
5. Select a date for completing the plan.
   
   
   
   
6. Select your plan objective.
   
   
   
7. Select details and targets for your objective: 

• • For overall score, select a target score and letter grade.
  • For factor score, select factors and then select a target score and letter grade for those factors.
  • For issue resolution, select issues.

7. Click Create plan at the bottom of the form.

The new plan appears in the Created by us tab of the Action Plans page.

Your vendor contact receives an email about the plan. For them, the plan appears in the Assigned to us tab of the Action Plans page.

Manage the plan scope and collaboration

To see the specifics of the plan, make any changes, or initiate collaboration with the vendor, click the name of the plan on the Action Plans page.


View and adjust plan scope

At the top of the plan details page, see the target and progress indicator.

Note: We calculate targets based on the cumulative score impact of all listed issues. So, one point of score impact for any individual issue does not equal one point in the overall score.

To reduce plan scope, select action items from the table and click Remove.


Collaborate with your vendors

Click Add a comment to send a message to the vendor.

In the conversation panel, type the @ symbol and the contact's email address. Then write your message.

As the conversation thread progresses, click Add a comment at any time to see recent comments.