Step 1: Review and Identify
Review your selected Portfolio and identify which organizations have a lower score (C, D, F). These organizations have a higher relative likelihood of breach when compared to organizations with a higher score (A, B). These organizations are lowering your average Portfolio score and require attention.
Step 2: Communicate and Set Expectations
Once identified, collaborate with these organizations and communicate your expectations.
If an organization is inactive, you can easily invite them to improve their grade by utilizing SecurityScorecard’s in-platform invite workflow.
With this workflow, you will be able to add contact information, create a personalized email message or use a template, co-brand by adding your logo, and add grade expectations with a time frame. For example, in your outreach, you can include an expectation to raise the grade to a B within 60 days.
If the organization is active, you can easily contact the company and begin collaborating. If you don’t have the right contact information, you can use the organization’s designated contacts
Step 3: Collaborate
While it's important to set expectations, it’s also important to collaborate with your third parties whose grades should improve.
With Score Planner, you can either generate an automated plan or create a plan customized to the vendor based on your needs. Business relationships require the same level of communication as personal ones. With Score Planner, you can communicate better with your third- and fourth-party business partners. Giving them insight into the security issues that matter so you can foster a stronger, more secure working relationship.
To propose a score plan for a third party:
- Navigate to the organization’s Scorecard
- Select the Issues Tab
- Select Propose a Score Plan
- Select the desired grade and generate a plan or create your own
- Download the Plan
- Share with your contact
Step 4: Ensure Compliance
We see that most organizations want to have greater influence over their vendor’s continuous security management — they want vendors to be proactive in monitoring and improving their Scorecard issues and overall grade. Customers appreciate that Scorecard provides an independent, objective, and consistent standard for evaluating security posture.
One of the most effective approaches to influence vendors is through contractual requirements. While the benefits of establishing a minimum standard are easy to understand—coordination, motivation, no grey area— implementing a program can be challenging.
Step 5: Continuous Monitoring
In order to help ensure that your average Portfolio score stays up, it’s important to continuously monitor the organization’s in a Portfolio. To make this process more efficient so that your team can focus on other important activities, utilize Rule Builder. Rule Builder enables teams to automate key workflows that trigger based on various changes in the Ratings platform.
Create the following Rule to help continuously monitor your Portfolio:
- Event: Grade Drops Below B
- For: Select a Portfolio
- Action: Send an Alert