In this article:
Shared Portfolios are available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
Building an ecosystem of partners in SecurityScorecard
SecurityScorecard provides a vendor risk management framework from which a company’s staff can view and investigate the cybersecurity posture across a portfolio of selected companies. Within a portfolio, you can understand the risk of a vendor by selecting the level of business impact a vendor has on your specific organization while also seeing the vendor's rating.
Currently there are hundreds of thousands companies being rated by SecurityScorecard and available to users in their individual SecurityScorecard dashboard. Companies that subscribe to the SecurityScorecard platform can license access to view one or more company scorecards as deemed necessary by the organization. For example, a company may license access to SecurityScorecard for 50 partner companies for multiple staff members including: risk management executives, one or more specific risk managers, and one or more information security technicians.
Users of SecurityScorecard also have the ability to segment companies into one or more vendor portfolios to help manage groups of vendors to align with a specific project or role. For example, a vendor risk manager might choose to have 3 vendor portfolios: (1) one for vendors currently under contract, (2) one for vendors in contract negotiations, and (3) one for additional vendors of interest (e.g. competitors, industry related companies, etc.). SecurityScorecard provides two primary types of vendor portfolios:
-
Shared Portfolio: is visible to all users in a company
-
Private Portfolio: is visible to only the user
By default, each company has one top level Shared Portfolio and each user has one top level Private Portfolio. Multiple shared and private portfolios can be added depending on a company’s subscription license.
Add companies in bulk to a Portfolio
To add multiple companies to a portfolio, download a sample .csv file and use it as a template to upload the companies you want.
Currently, CSV files downloaded from portfolios are supported as input to the Bulk Upload function. Also, any CSV file that specifies vendors by including a column called “url”, “urls”, “domain”, or “domains”. If none of these columns headers can be found, SecurityScorecard will look for domains in the first column of the file.
If multiple profiles are selected, the uploaded vendors will be added to all of the selected portfolios. Duplicates within existing portfolios will be ignored during the upload process.
Each unique company added to one or more SecurityScorecard portfolio consumes one SecurityScorecard vendor license.
Note: Provisional scores cannot be calculated for companies added in bulk at this time. Scorecards will become available once full scoring is complete. Read our article on provisional Scorecards to learn more.
Adding a single partner to a portfolio
Adding a single partner is simple using the “Add Company“ button available on the SecurityScorecard portfolio screen:
To search for a company, start typing its name and then select the name when it appears.
Each unique company added to one or more SecurityScorecard portfolio consumes one SecurityScorecard vendor license.
To add multiple companies to add can use the upload option.