We are using Security Scorecard through Venminder services which gives us a monthly report on our most critical vendors. It's a lot of information to digest, but I use the rating trend as an indicator of potential issues. I do include that information in my risk assessments and I report any serious increase in risk rating to management; CIO, ISO, and business line owner.
Original Message:
Sent: 12-02-2019 01:44 PM
From: Michael Prowell
Subject: Third Party Security Ratings Companies
Does anyone use or have opinions on Third Party Security Ratings Companies such as BitSight, Security Scorecard or Up guard?