How can I monitor & manage my (legal) subsidiaries with SecurityScorecard?
Option 1 : Monitoring subsidiaries in a Portfolio
- This suits better if your goal is to just monitor your subsidiaries (not necessarily manage them)
- Create a Portfolio, let's say 'My Subsidiaries' and add subsidiary scorecards to monitor them.
Option 2 : Managing subsidiaries via Hierarchy
- This is suitable for Common / Hybrid IT teams who are responsible for risk for multiple subsidiaries and hence need all key permissions to manage subsidiary scorecards.
- Access to the subsidiary scorecards is still dependant on them being followed, same as for any other scorecard.
- Pre-requisite is to first get your subsidiary scorecards updated under Hierarchy Tab [Login to SSC >> Go to 'My Organization' in top navigation >> Go to 'My Scorecard' >> Click Hierarchy]
- Submit support ticket here to get your hierarchy updated.
- Once Hierarchy is updated, then 'Customer Admin' in Parent Scorecard will have access to following permissions for their subsidiary scorecards
- View issue evidence and submit remediations
- Add missing assets via digital footprint
- Move assets between subsidiaries via digital footprint
- Comment on issue findings and make it public
- View Attack Surface for your Subsidiary
- Edit your hierarchy i.e. add or remove your subsidiary scorecards
To enable all above permissions for your subsidiary scorecards, you need to enable 'Attack Surface Dashboard' from Early Access Center (access via your Profile on Top Right of the platform)