Use Portfolio Trends Report to communicate changes over time across your monitored security portfolio to your executive leadership, boards of directors, your security team, and other internal stakeholders.
As a vendor risk manager (VRM), run the report as needed to illustrate your organization’s ability and progress with decreasing the likelihood of breach and understanding your vendor security postures:
- Gauge what your company has done to reduce the third-party risk within a particular time frame.
- View the number of detected issues on your vendor scorecards against the number that have been fixed.
- Track aggregate historical trends, such as remediations or portfolio scores over time, or portfolio companies engaged in solving issues.
- Evaluate how scorecard ratings have improved your company’s security.
Tip: To view security progress one other company or your own, use the Company Trends Report.
Run the report
- Select Portfolio Trends Report from the Analysis Tools drop-down list.
- Select a portfolio to report on, or select All Portfolios.
- Select a time range to report on.
The age of your portfolio and the current date affect the data you can see:
- If your portfolio is less than a day old, you can see the 30-day range within 24 hours after you created it.
- If your portfolio is less than one month old, you can only see the 30 day range.
- When your portfolio’s age passes 30 days, you can view other ranges.
- The data for each month appears on the first day of the following month.
Tip: Hover over a point in time for any visualization to see detailed, cumulative information about that specific period.
- To share the report with stakeholders who cannot access the SecurityScorecard platform, export it as a PDF.
Learn more about the report’s data
Review each visualization to illustrate important aspects of your vendors’ security:
- Average Portfolio Score displays the historical average score of the selected portfolio for the selected time frame. For broader context, view this data in correlation with the Risk Remediation and Vendor Engagement visualizations.
- Risk Remediation Performance displays vendors’ risk and response behaviors over time and provides visibility into whether they are prioritizing actions that protect your business.
- New and existing findings are security issues that require remediation.
- Remediated findings have been resolved or disputed by vendors.
- SecurityScorecard considers a finding decayed when:
- Remediation evidence is not visible from an internet view. For example, the issue was remediated behind a gateway.
- There has been no observed activity for a time period specific to the issue type.
- Monitored Organizations are the total number of companies in the selected portfolio over the selected time range.
- Active Organizations are monitored organizations in which users have logged into the platform within the preceding 90 days. Active companies with grades C, D, or F at the time they are invited typically improve their scores by an average 7 or 8 points within three months, while the scores of unengaged companies remain relatively unchanged over the same period.
- Top Movers and Bottom Movers are the best- and worst-performing organizations in the selected portfolio for the selected time frame. Click any listed organization to view their scorecard.
If you need help or have additional questions about this report, submit a Support request.