In this article:
If you are an administrator of a Scorecard for a Scorecard in a hierarchy, you can view all evidence for issue findings for subsidiary Scorecards in your hierarchy.
This enhances your ability to manage risk for organizations that have a close corporate relationship with yours, such as those with a shared IT infrastructure.
Understand what "finding evidence" is
When we show findings for issue types on a Scorecard, we provide evidence, which depends on the specific issue type. For example, in the case of the Leaked email issue type, the evidence includes the compromised email addresses.
Note: Use the following terminology in this article:
- Parent (top level in hierarchy)--The holding company is the entity at the top of the hierarchy. In a multinational corporate structure, it is the global holding company.
- Child (second level in hierarchy)--A direct subsidiary of a parent. A child can only have one parent. Also, when a domain is added to a hierarchy as a child to a parent, that parent inherits any subsidiaries (infants) of the child.
- Infant (third level in hierarchy)--An direct subsidiary of a child.
Evidence on a given Scorecard is only visible to:
- An administrator for that Scorecard
- An administrator for the Scorecard of the parent organization in a Scorecard hierarchy.
An administrator for a child Scorecard in a hierarchy can only view evidence for their own infant subsidiaries. They cannot view evidence for infants of a peer child.
For example, as seen in the following screenshot, Example Child Corp. 1 and Example Child Corp. 2 are peer children of Example Parent Corp. The Scorecard administrator for Example Child Corp. 1 can view finding evidence for their own infant subsidiaries but not the infant subsidiaries of Example Child Corp. 1.
Note: To view subsidiary evidence in your hierarchy, submit a Support request for enabling this feature.
Verify that you are part of a hierarchy
To see if you are part of a Scorecard hierarchy, go to your Scorecard, and click Hierarchy in the left navigation bar.
Note: A hierarchy is not an automated Scorecard feature. An organization initiates the creation of their hierarchy. If you do not see a hierarchy for your Scorecard, by submit a request to our Support team.
If a hierarchy exists, it shows your organization in a shaded box to indicate its position in the corporate structure.
View evidence for findings for a subsidiary
- In the Hierarchy tab, select an organization that you want to view evidence for.
Tip: If you already know that you are in a hierarchy that includes a given organization, you can just go to the Scorecard for that organization.
- Select the Issues tab for that Scorecard and then select an issue type that you want to investigate.
Or
To investigate issues by specific factor, select the Factors tab. Expand the factor that concerns you and then select an issue type in that factor. - On the issue details page, scroll down to the Findings table.
- Note any findings that concerns you and then use the bar above the table to scroll to the right.
- Review the values in the Evidence column.
In the example of the Email exposed issue type, evidence consists of compromised emails.
Take action on issue findings for subsidiaries
After investigating evidence for findings that concern you, take the following actions to help your subsidiary resolve them:
- Send them an Action Plan targeted at issue resolution.
- Contact them to discuss the issues and how they affect your organization and possibly others in the hierarchy.
- Send them a questionnaire to vet the security controls they have in place to address the issues.