If your organization is identified as having a High or Critical likelihood of a security incident, the SecurityScorecard (SSC) MAX Team may reach out to schedule a vendor consultation call. These calls are designed to help you identify and address security blind spots using SecurityScorecard’s objective, outside-in perspective.
Our core principles
Every consultation is facilitated according to three key principles to ensure a productive partnership:
- Here to help: This is not an audit. The purpose is to assist you in improving your information security posture. We recognize that a Likelihood Assessment is only one data point in a broader decision-making process.
- Context matters: We understand the limitations of outside-in assessments. We want to hear from you regarding your IT structure and the services you provide, as these factors can change the severity of observed indicators.
- Right of reply: We consider all Likelihood Assessment ratings "preliminary" until you have had the opportunity to examine the results and provide feedback on the indicators and recommendations.
What the call covers
The MAX Team focuses on three main topics during the consultation:
- Digital Footprint review: We will walk through the digital footprint SSC has attributed to your organization. If any part of this footprint is inaccurate, we will help you address the cleanup.
- Indicator investigation: We will outline current internet-exposed assets, services, and critical vulnerabilities SSC observes and provide guidance on what to prioritize for remediation.
- Activity enhancement: We will introduce specific recommendations to enhance your information security activities, helping you reduce the overall probability of a security incident.
Outcomes and next steps
The primary goal of the consultation is to reach a mutual commitment to action. This agreement outlines the specific steps your organization will take, whether to refine your digital footprint, remediate exposed assets, or enhance core security activities, to reduce the probability of a serious incident.
Following the consultation, the MAX Team transitions into a reporting and support phase:
- Transparency with the customer: The MAX Team provides a formal report to your customer. This document highlights the specific actions you have committed to and, importantly, your level of engagement throughout the process. While the goal is to identify improvements, the discussion may reveal that no further recommendations are necessary at that time.
- Ongoing collaboration: Your commitment doesn't end with the call. The MAX Team remains available for follow-up sessions at your request to assist with your remediation journey.
- Future alignment: If a High or Critical Likelihood Assessment persists in subsequent quarters, the MAX Team will schedule a follow-up session. These recurring touchpoints allow us to discuss your progress and the effectiveness of your implemented security efforts.