In this article:
At SecurityScorecard, we are proud to continuously deliver hundreds of innovative features throughout the year, enhancing the way you understand, communicate, and collaborate to reduce risk. Because we move quickly, we want to ensure that we are communicating all of our innovations to you effectively. So, twice a year, we package our new features and improvements into a release, so you can effectively leverage our product suite.
About this release
Q2 '20 Release enables effective collaboration.
Is your team truly collaborative both inside and outside your organization when it comes to cybersecurity?
Most organizations do not realize they lack a necessary cybersecurity solution to collaborate effectively and are not actually getting maximum value out of their existing investments.
SecurityScorecard’s enhanced product suite for effective collaboration empowers Security and Risk Teams to collaborate more effectively. Being collaborative allows stakeholders to work faster, smarter, and win together with internal teams and their third parties around the globe.
- Actionable Insights: Gain more insights and make smarter business decisions.
- Seamless Processes: Workflows that fit into and speed up your cyber risk management lifecycle.
- Global Ecosystem: Communicate risk and partner with businesses around the globe.
The importance of collaborating on cybersecurity is at an all time high as workforces have shifted to remote work, accelerating the digital transformation and the need to do more with less.
32 percent of CISOs demand collaborative tools, according to a study by McKinsey Digital.
Read our Q2 '20 Release Notes
This release delivers expanded innovations across the entire SecurityScorecard platform, empowering the modern cyber risk management team to work collaboratively, efficiently, and remain flexible in a quickly shifting environment. Our mission is to make the world a safer place by empowering every organization with collaborative security intelligence.
Invited Company Dashboard
Gain visibility into invited companies and contacts
What happens after you invite a third party vendor or partner into SecurityScorecard to collaborate with you?? The new Invited Company Dashboard gives you transparency into your company’s invite activity and enables you to realize the ROI of that activity. The Dashboard gives you a single pane of glass to understand what happens after you send an invite, such as whether or not vendors are working to remediate issues and improving their security posture.
Invited Company Onboarding Experience
Enable business partners to understand and improve their Scorecard
The upgraded Invited Company Onboarding Experience helps your third parties distill relevant information and easily understand what actions they need to take to improve and continuously monitor their security posture. The improved experience gets your partners up and running quickly without friction, and simultaneously reduces the workload for your team. SecurityScorecard offers context driven educational assets and an updated Dashboard with action-oriented lists, helping to increase third-party engagement and adoption.
Save time and collaborate effectively with automated workflows
Rule Builder enables you to automate key workflows so that you can save time and focus on the most critical aspects of your job. You can create rules in the platform that automatically take action when an important Scorecard change takes place.
Collaborate efficiently with more transparency around Scorecard remediation
The Audit Log updates give you more clarity around remediation statuses, enabling your teams to collaborate with accountability and full transparency into your company’s security rating. This update also allows you to view what has been requested and resolved by your third parties for basic transparency.
Gain enhanced role-based access controls
Enhanced Portfolio Teams gives you control over which users can view the portfolios in their account. Maximize operational efficiency and improve compliance by creating groups of users — or teams — with customized access to different portfolios.
Easily get the right information to remain compliant
Assess the compliance posture of your organization and your vendors with the platform’s Compliance Mapping feature. You can automatically map ratings data to the following new frameworks found in the Compliance Tab:
- CMMC (Cybersecurity Maturity Model Certification) version 1.02
- SIG (Standardized Information Gathering) version 2020 Lite, Core and Full
- ISO (International Organization for Standardization) 27001 version 2013
Communicate risk in native languages
Easily communicate security risk across multiple languages. View and download Detailed or Summary PDF Reports in Chinese, French, German, Japanese, Portuguese, and Spanish.
Data and Attribution Enhancements
Leverage continuous improvements that deliver fair and accurate scores
SecurityScorecard data and attribution enhancements give you an increasingly accurate depiction of the cyber risk of organizations. Visit the Trust Portal to find out more about the data that drives our technology.
Summarize Risk Findings
Collaborate with vendors to remediate risk when reviewing a questionnaire
Collaborating with vendors to remediate risks is now easier with the ability to summarize your own findings. When reviewing a questionnaire, you can add your own notes, point out key findings with an indicated risk level, and build remediation plans to share with your business partners. Additionally, platform findings can be shared as a PDF or CSV internally and/or with a third party.
Custom Questionnaire Wizard with Conditional Questions
Create new and edit existing questionnaires in minutes
Create a custom template or edit an existing standard industry template — such as a NIST or ISO — in minutes without leaving the platform. The Questionnaire Wizard gives you an intuitive dashboard to create a custom questionnaire, defining the categories, questions, and responses. You can also incorporate conditional questions making certain questions visible based on earlier responses. Additionally, a new Templates section in Atlas houses all of your questionnaire templates in one central repository so you can manage them in one place.
Enhanced Reporting Dashboard
Gain actionable insights on your cybersecurity questionnaire cycle
Atlas’ enhanced reporting dashboard gives you more visibility into your full questionnaire lifecycle. Review in-depth metrics around the status of your sent questionnaires, average SecurityScorecard Ratings grade for your vendor companies, mean validation score, and completion time. Additionally, new filtering and export capabilities make it easier to gain actionable insights.
Third-Party Collaboration Link
Invite your third parties to complete or review a questionnaire
Quickly and securely collaborate with users outside of your organization to review and complete a questionnaire. Atlas’ Collaboration Link now gives you instant access to the designated questionnaire and the same roles as the person who invited them, excluding the Autocomplete and Look Up lens capability.
Compliance Questionnaire Templates
Assess your business partners’ compliance controls and remote workforce readiness
Atlas now offers questionnaire templates that map directly to critical industry regulations and standards so you can easily assess the key controls and overall compliance posture of your third parties. Stay up to date and make sure you have the right information about your vendors. The following questionnaires are now available under the Templates Tab:
- Remote Workforce Business Continuity Planning 2020 — understand vendors’ remote workforce and business continuity preparedness. Learn more here.
- NIST (National Institute of Standards and Technology) 800-171 - assess vendors’ NIST standard controls.
- CMMC (Cybersecurity Maturity Model Certification) version 1.02 — assess vendors’ compliance with new Department of Defense standards.
Questionnaire Reviewer Instructions
Ensure that all questionnaire reviewers are on the same page
Questionnaire senders can now specify instructions for their teammates that review a completed assessment, such as how to review and what to look out for for individual questions. Ensure consistency and eliminate confusion when multiple team members are involved in reviewing a completed assessment. Leverage this new feature to cut the questionnaire cycle by aligning all of your team members who are involved in reviewing a completed questionnaire.
APIs and integrations
SecurityScorecard Add-on for Splunk 2.0
Continuously monitor score changes and prioritize risk at scale with SecurityScorecard data in Splunk
Our integration for Splunk enables you to leverage the power of Splunk to search, visualize, create alerts, and take actions based on score changes. Our newest integration with more comprehensive data and issue-level findings enables you to efficiently monitor your own cybersecurity risk as well as the risk posed by your third parties. This new version also features more reliable and efficient data importing, support for Splunk Cloud, and compliance with CIM data models. Learn more and install the app on Splunkbase.
Archer GRC Integration 2.0
Monitor third-party risk at scale with SecurityScorecard data embedded in Archer
SecurityScorecard’s integrated solution with the RSA Archer® GRC platform enables you to scale and enhance your vendor risk management (VRM) with SecurityScorecard Ratings. With an enhanced data structure to include factor and issue information for all companies, the updated integration provides VRM teams deeper insights into enterprise and third-party cyber risk. Additionally, you can trigger custom workflows, vendor assessments, and integrate ratings into Archer’s robust reports. Learn more and download the integration package on the RSA Archer Exchange.
ServiceNow Integration with Orlando Support
Integrate SecurityScorecard data into ServiceNow for VRM and ITSM
The SecurityScorecard app for ServiceNow for IT Service Management (ITSM) and Vendor Risk Management (VRM) now supports ServiceNow’s latest version, Orlando. ServiceNow users can deploy the integration directly from the ServiceNow App Store and embed SecurityScorecard data into their existing ServiceNow workflows. Learn more about our ITSM App and VRM App on the ServiceNow App Store.
Increase your cybersecurity knowledge and reduce reputational risk
SecurityScorecard’s QuickStart gives you a deeper understanding of the issues highlighted in your Scorecard and the risks they pose. Receive tailored advice from a SecurityScorecard security expert on how to quickly improve your security posture.
Build a strong foundation with guidance from Third-Party Risk Management (TPRM) experts
Start off on the right foot when building or re-launching your TPRM program. Discuss the tenets of a program with a qualified expert and receive a recommendation tailored to your objectives, stakeholder needs, and risk appetite. Recommendations will focus on accelerating program maturity and include quick wins, how to leverage SecurityScorecard and which pitfalls to avoid.
TPRM Program Enhancement
Reach program maturity and incorporate risk ratings into your TPRM program
Make the most out of your SecurityScorecard purchase by learning how to incorporate security ratings into your existing TPRM operation. Quickly realize efficiency and effectiveness objectives by working with subject matter experts to develop a tailored maturity roadmap. Roadmap will be based on current state maturity, objectives, and risk appetite.
Augment your existing team capacity with strategic services
Now you can leverage an à la carte consulting service to implement and execute strategic initiatives at the customer’s discretion. New Advisory Services include an assessment approach, custom questionnaires, vendor tiering approach, custom alert strategy, Scorecard to questionnaire mapping, or other strategic initiatives.
- Scorecard Manager: Accelerate vendor remediation with continuous monitoring Scorecard Manager managed service provides you with continuous monitoring by security experts so that your team can focus on other critical aspects of their job.
- Atlas Manager: Easily manage your questionnaire assessment process with expert help
Atlas Manager managed service provides further time-savings, scale, and efficiency in managing the due diligence process using Atlas.