See organizations' relationships with hierarchies

In this article:

Use hierarchies to help you visualize how organizations you monitor are related within a parent business entity and to show how your own corporate relationships are structured.

Hierarchies can provide useful context for assessing third-party risk, such as how security policies are inherited across related organizations.

Understand how hierarchies are structured

A hierarchy is a tree-structured visualization of a parent entity and its holdings, represented by their Scorecards. A hierarchy can also include published Custom Scorecards.

A hierarchy includes up to three levels:

• Parent (top level)--The holding company is the entity at the top of the hierarchy. In a multinational corporate structure, it is the global holding company.
• Child (second level)--A direct subsidiary of a parent. A child can only have one parent. Also, when a domain is added to a hierarchy as a child to a parent, that parent inherits any subsidiaries (infants) of the child.
• Infant (third level)--An direct subsidiary of a child.

View a hierarchy for a Scorecard

To see how an organization fits into a hierarchy, go to that Scorecard, and click Hierarchy in the left navigation.

Note: A hierarchy is not an automated Scorecard feature. An organization initiates the creation of their hierarchy by working with our Support team. If you do not see a hierarchy for a given Scorecard, the organization has not posted one. 

The hierarchy shows the selected organization in a shaded box to indicate its position in the corporate structure. The following screenshot shows the hierarchy for a parent.

The following screenshot shows the same hierarchy for an infant organization.

Filter and sort a hierarchy

Use the filtering and sorting tools in the panel on the right to modify your view of the hierarchy or highlight specific organizations:

• To find a specific organization in the hierarchy, start typing its name in the text box at the top of the panel. 
  
  
  
  
• To see organizations in a specific industry, start typing the industry name. 
  
  
  
  
• To see organizations with certain grades, select those grades. Parents or children of the filtered organizations that have different grades appear greyed out.
  
  
  
  
• To sort the display of organizations by alphabetical order, reverse-alphabetical order, or highest to lowest grades, or lowest to highest grades, select the option you want. Regardless of the selected order, the parent remains on top.
  
  
  
  

Display a hierarchy for your own organization

To have SecurityScorecard build a hierarchy for your organization, send our Support team a .csv file or spreadsheet that shows the hierarchy structure.

The Support team performs an exhaustive validation process to ensure accuracy and then displays the hierarchy in the platform.

Format for .csv file

For a .csv file, use the following format:

     parent,child
     ,domain.com,
     domain.com,child-domain-01.com
     domain.com,child-domain-02.com
     domain.com,child-domain-03.com
     child-domain-01.com,infant-domain-01.com
     child-domain-01.com,infant-domain-02.com
     child-domain-01.com,infant-domain-03.com

The top row includes the parent and child columns.

The second row includes a blank column and then the column for the domain name and suffix.

The next set of rows include all the parent/child pairings.

The final set of rows include the all the child/infant pairings, if applicable.

Format for spreadsheet

If you are using a spreadsheet, format it like the following screenshot:

Tips for specifying hierarchy structures

• You can ask Support to send you a template file to help you set up the structure.

• For large hierarchies, create multiple CSV files, each containing no more than 100 domains.

• If you make a mistake, upload the original .csv file.

• You can ask Support to modify versions of the structure at any time.

• You cannot add subdomains to a hierarchy.
• To include a Custom Scorecard in the hierarchy, enter the Scorecard's UUID, which you can find in the navigation bar of that Scorecard's page.
  
  

Submit your hierarchy structure to Support

To submit your hierarchy structure, submit a Support request. with a .csv file or spreadsheet attachment formatted as shown in the preceding examples.

How hierarchies, Scorecards, and Custom Scorecards are related

Keep the following in mind when you work with hierarchies, Scorecards, and Custom Scorecards:

• Scorecards within a hierarchy do not affect each others' scores. Their Digital Footprints are isolated from each other. 
• Hierarchies are based on Scorecards. An existing Scorecard is required for inclusion in a hierarchy.  If a Scorecard does not exist, you can create a Custom Scorecard, which represents a subset of its source Scorecard's Digital Footprint.
  • You can divide a source Scorecard into multiple Custom Scorecards, representing different departments, and then link them to the parent Scorecard in a hierarchy. 
• A Custom Scorecard is independent of a hierarchy, even if it is sourced from a Scorecard in the hierarchy.
• A hierarchy feature does not provide any insight into the domains on a Scorecard's Digital Footprint.
• If a Scorecard redirects to another Scorecard, the redirect destination Scorecard appears in the hierarchy. To illustrate: Three regional Scorecards example.fr, example.uk, and example.pt all redirect to example.com, so only example.com appears in the hierarchy.