If you recently received an email invitation to join SecurityScorecard, you may be wondering why. Here are answers to some commonly asked questions:
What is an Action Plan?
An Action Plan clearly outlines steps that an organization can take to improve its security score and strengthen security. It can address an overall security score and letter grade or it can target specific score factors or issues.
Both parties can track progress and communicate directly through the platform.
A SecurityScorecard account is required to access Action Plans.
Why am I being asked to work on an Action Plan?
The sender is reviewing your Scorecard and has found outstanding issues that are important to them. They want you to either resolve those issues or provide more information about them. This will help satisfy their commitment to their security and the security of everyone with whom they do business.
How do I work on an Action Plan?
From the button in the email, you'll be directed to the appropriate area of the platform. If you don't have an account, you'll be prompted to open one.
Or, from the dashboard, go to Core Tools > Action Plans.
Choose the "Assigned to us" tab.
Open the Action Plan that was sent to you.
There you'll see detailed information sent to you by the requester. It will outline the issues that need to be addressed.
If you choose a single issue, you can get more information about it, the risks associated with it, and suggestions on how to fix it.
After you remediate the issue, simply select it at the bottom of the screen and tap "Fixed." This will prompt an automatic rescan that confirms whether the issue is still being detected or not.
Who can send and access Action Plans?
Any user can send an Action Plan to a vendor, but only the vendor to whom it was sent can access it, not everyone in their organization.
What is SecurityScorecard?
SecurityScorecard is a global leader in cybersecurity ratings. Its goal is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risk.
SecurityScorecard continuously scans the web to detect and collect signals that indicate the potential for vulnerabilities or the confirmation of exploits.
Why did my organization receive an email invitation?
You're a vendor that currently does business with the sender.
or
You're a vendor that may do business with the sender in the future.
The organization that invited you will likely share critical data or access with you. They want to ensure all their vendors maintain a strong external security posture and remain unlikely to suffer a breach.
What is a Scorecard?
A Scorecard is an objective assessment of an organization's security posture. The data included on the Scorecard is generated by continuous scans of internet-facing IP addresses. In those scans, signals are detected, collected, and categorized into factors. Each factor gets its own numeric score based on its importance. An overall score and letter grade (A-F) are displayed prominently on the Scorecard. Your score is directly linked to the likelihood of breach. For example, an F means your organization is 13.8 times more susceptible to a security breach than an organization with an A.