General Provisions
Release of Functionality: SecurityScorecard is not obligated to, and makes no representations that it will, generally release functionality in development.
Contingency: Purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written comments regarding future functionality.
Legend: ☑ Included | ☐ Not included
TITAN Watch: Core, Premium, Elite
Cyber risk management platform for identifying, analyzing, and reducing risks based on externally detectable security postures and threat-actor behavior. Each platform license represents one top-level domain that is swappable 10 times in a 12 month period.
| CAPABILITY CATEGORY | CAPABILITY | CORE | PREMIUM | ELITE | DEFINITIONS |
| Organization-level risk analysis | Security rating scorecard | ☑ | ☑ | ☑ | Current and historical analysis of a single organization’s security posture based on findings attributable to its top level domain. |
| Custom scorecard | ☑ | ☑ | ☑ | Scorecard based on an user-defined set of domains and IPs. The custom scorecard for the | |
| ChatSSC | ☑ | ☑ | ☑ | Conversational AI agent for analyzing SecurityScorecard platform data. | |
| Single framework compliance mapping | ☑ | ☑ | ☑ | Analysis of an organization’s adherence to a compliance standard based on external security posture data. Only one pre-built compliance framework can be used at a time. | |
| Multiple and custom Compliance framework mapping | ☐ | ☐ | ☑ | Analysis of an organization’s adherence to a compliance standard based on external security posture data. Multiple pre-built compliance frameworks and the ability to create custom frameworks is available. | |
| Continuous monitoring | All companies | ☑ | ☑ | ☑ | A repository of partially or fully monitored organizations that captures relationship details for contextualizing risk. |
| Unlimited partial monitoring | ☐ | ☑ | ☑ | Continuous visibility of a subset of a scorecard’s data for an unrestricted number of organizations. | |
| 3rd and 4th party vendor discovery | ☐ | ☑ | ☑ | Automated identification of an organization’s likely business relationships based on evidentiary analysis of sources like HTTP requests, mail exchanges and job postings. | |
| Product search within vendor ecosystem | ☐ | ☑ | ☑ | Identification of specific software products used by third and fourth parties.
| |
| Reporting | Basic report creation | ☑ | ☑ | ☑ | Pre-built dashboards and reports from SecurityScorecard. |
| Exportable reports (SSC branded) | ☑ | ☑ | ☑ | Formatted data export of scorecard data. | |
| Advanced report creation | ☐ | ☑ | ☑ | Custom reports, report scheduling, and data retention capabilities. | |
Exportable reports (co-branded and white-labeled)
| ☐ | ☐ | ☑ | Formatted data export of scorecard data with user-defined branded elements. | |
| Workflow and user management | Federated single sign-on | ☑ | ☑ | ☑ | User authentication with the organization’s own identity management system. |
| Role-based access controls (RBAC) | ☑ | ☑ | ☑ | Capabilities for platform administrators to control user permissions. | |
| Basic rules and alerts configuration | ☑ | ☑ | ☑ | Automation based on single statement conditions defined by platform users. | |
| Basic integrations | ☑ | ☑ | ☑ | Basic integrations embed SecurityScorecard data into everyday security and business tools to improve visibility and streamline simple workflows. They make it easy to share insights and take lightweight actions without requiring deep configuration or process changes.
| |
| Advanced integrations | ☐ | ☑ | ☑ | Advanced integrations deeply connect SecurityScorecard with core systems of record, enabling automated workflows, bi-directional data exchange, and end-to-end risk management processes. They support operational scale by embedding cyber risk intelligence directly into critical enterprise workflows.
| |
| AI agents | ☐ | ☑ | ☑ | Additional AI-powered capabilities that support remediation, reporting, and TPRM workflows. | |
| APIs for custom integrations | Rate limited | Rate limited | Unlimited | APIs for users to build tailored connections between the SecurityScorecard platform and other software systems.
Core and Premium customers are limited to 10,000 API calls per platform license per year. | |
| Questionnaire management | Pre-built template questionnaires creation | ☑ | ☑ | ☑ | Creation and distribution of questionnaires using formats defined by SecurityScorecard. An unlimited number of questionnaires can be sent to the organization being monitored. The following pre-built questionnaire templates are available:
|
| Vendor response validation with security ratings | ☑ | ☑ | ☑ | Mapping of external security posture data to questionnaire questions for side-by-side comparisons. | |
| AI-powered document analysis | ☐ | ☑ | ☑ | Conversational search and querying of unstructured documents provided by vendors as evidence of security requirements. One document can be analyzed at a time with an unlimited number of questions entered per document. | |
| Custom questionnaire creation | ☐ | ☑ | ☑ | Creation and distribution of questionnaires using formats defined by platform users. An unlimited number of questionnaires can be sent to the organization being monitored. |
TITAN Assess: HyperComply Startup, Growth, Enterprise
Customer trust automation platform for organizations that respond to security questionnaires and share security and compliance evidence with customers via a trust center.
| CAPABILITY CATEGORY | CAPABILITY | STARTUP | GROWTH | ENTERPRISE | DEFINITIONS |
| Trust pages | Number of Trust pages | 1 | 1 | 1 | Public page for centralizing evidence related to security, privacy, and compliance that customers or vendors can access during due diligence activities. |
| Data rooms | ☑ | ☑ | ☑ | Collaboration space where security teams can share files and policies with prospects and customers. An unlimited number of Data rooms are available. | |
| Number of guests | 5 | 20 | Unlimited | Participant that can access and work in a HyperComply Data Room. | |
| Access gating | ☑ | ☑ | ☑ | Security control for authorizing access to sensitive documents from Trust Pages. | |
| API | ☑ | ☑ | ☑ | APIs for programmatically provisioning access to Trust Pages | |
| Pre-built Integrations | ☑ | ☑ | ☑ | Integrations with Google, Slack, and Salesforce. | |
| Customization | ☐ | ☑ | ☑ | Ability to brand and structure trust pages match an organization identity and specific business needs. | |
| Questionnaire response | Number of AI-powered questionnaire responses | 30 | 120 | Unlimited | Automated drafting of answers to security questionnaires by matching questions against stored compliance data and previous responses. |
| Included questionnaire response service engagements | 5 | 15 | 50 | "Human-in-the-loop" service where certified experts review and tune every AI-generated draft to ensure accuracy before it is sent to a customer. 3-day SLA. | |
| Number of segments | ☐ | 1 | Unlimited | Structural feature for organizing your security knowledge and documentation by different product lines, business units, or regions within a single account.
| |
| Security | Google single sign-on | ☑ | ☑ | ☑ | Authentication using Google Workspace credentials for single sign-on |
| Custom SAML integration | ☐ | ☐ | ☑ | Authentication using internal identify provider for single sign-on | |
| Role-based access controls (RBAC) | ☐ | ☑ | ☑ | Capabilities for platform administrators to control user permissions. |
TITAN Secure: Internet Intelligence
Massive-scale infrastructure internet scanning engine that integrates high-fidelity scanning with industry leading attribution. The raw telemetry provided can be used to identify, hunt, and remediate threats across attack surfaces.
| CAPABILITY CATEGORY | CAPABILITY | INTRO | BASIC | STANDARD | UNLIMITED | DEFINITIONS |
| Internet Intelligence | Number of calls per year | 25,000 | 75,000 | 500,000 | Unlimited | Data feed that enables access to SecurityScorecard’s proprietary internet intelligence database. Data can be explored in a portal user interface and accessed directly via API. |
Add-on Products and Services
These modules are available as optional additions.
| CATEGORY | Product/Service | DEFINITIONS |
| TITAN Watch add-ons | Cyber Risk Quantification | Financial impact analysis powered by an integration with ThreatConnect Risk Quantifier. Requires a Core, Premium, or Elite license per vendor. |
| TITAN MAX Managed Services | Questionnaires | Managed service for creating, distributing, and analyzing responses to vendor security questionnaires. One managed questionnaire per vendor per year. Requires a Premium or Elite license per vendor. |
| Monitor | Managed service for continuously monitoring third-party risks. Requires an Elite license per vendor. | |
| Respond | Managed service for continuously monitoring third-party risks and engaging vendors to drive risk awareness and issue resolution. Requires an Elite license per vendor. | |
| Onboarding | Onboarding | Structured services designed for accelerating the adoption of SecurityScorecard Platform capabilities. |
Other Standalone Products and Services
These modules are available for purchase without requiring a SecurityScorecard platform license.
| CATEGORY | Product | DEFINITIONS |
| Resale products | Grip Security Platform | Grip supply chain detection solution sold by SecurityScorecard. |