A cloud-based platform with a comprehensive view of risk structured around the NIST cybersecurity framework, iTrust Cyber Risk Ratings has more than 100 proprietary data points. This cloud architecture stores data on the back end, provides resources, and schedules scans.

Vendor self-assessment is conducted through internal surveys of cybersecurity practices and scored with crowdsourced reputation ratings. Independent technical testing uses vulnerability scanning, dark web analysis and aggregated web data. Reputation ratings are assigned based on fourth-party reputation and threat intelligence from a global community of 80,000 researchers and security professionals from 140 countries.

The Portfolio Tab displays vendor ratings, geo-location and the average iTrust rating. Within this, there is a Risk Metrics tab showing high-risk vendors, compliance status, and compliance aging. The Alerts tab houses information like vendor lists and their rating variances. These pages are easy to filter through.

Vendors can be loaded into the Portfolio in groups for better organization. Organizations can look at risk metrics per vendor according to their compliance standards and frameworks, see trends in ratings, and drill down deeper to see how many vendors are expiring in the timeframe set for that compliance framework. Teams can add and view vendors, see invite history and create private notes. They can also investigate details like iTrust, industry and cyber risk posture ratings. Vendors can take surveys anytime or every six months.

The Surveys tab shows progress alongside reputation ratings from one to five stars. Clicking on an assessment shows the metric rating alongside each question. Reports can be exported to PDF, HTML and emailed reports to show ratings, high-risk vendors, compliance status and those that have been breached or compromised. A variety of customizations can be applied apart from vendor group organization. Teams can modify notifications and messages and add users with multiple user accounts (with three different user roles for each – administrator, manager and user).

Various DNS tests include mapping and vulnerability scans. Perimeter security looks at edge devices and scores them on a metric rating graph. Additional testing includes looking for misconfigurations in mail severs, spam and P2P file sharing, plus hacker threat analysis.

Risk assessments are tracked and results can be shared with vendors and internal stakeholders. The solution offers continuous surface security assessment capabilities and ongoing access to results. The support portal contains online videos, with approximately 10 to 12 for each dashboard, and the company’s knowledgebase is currently being expanded.

—  Tested by Matthew Hreben