Panorays provides a full perimeter overview of vendor risk. Evaluators and suppliers can dispute or validate findings, leading to higher collaboration. It looks at security through the eyes of 10,000 hackers and combines smart questionnaires and big data to produce actionable insights and personalized ratings.
The solution provides dynamic ratings, research, tools, and analysis for transparent, integrated and secure use of third-party services within large enterprises. This is a worthwhile investment for those looking to increase cyber-resilience, shorten the supplier evaluation process, meet compliance with certain standards and maintain security posture visibility. With downloadable reports and the ability to upload your own, it effectively houses all vendor risk management information in one place.
Adding suppliers to the platform is simple, and the information gathered helps users understand business impact, relationship level, points of contact and other factors important to risk assessment. Custom relationship levels can be added to those included out of the box. Once that’s completed, the assessment process is automated. The security inquiry sent to suppliers is fully customizable. Recommendations based on regulations like HIPAA and GDPR come ready-made in a template. The out-of-the-box pieces can be customized.
The dashboard provides a high-level overview of third parties with ratings and their breakdowns. Each has a general rating of security posture as well as GDPR, general and security inquiry ratings. An organization can delve into a supplier’s security details for breakdowns of risk rating contributions and industry standing. There are also subcategories for application, human, network and IT risks, which are scored zero to 100 (zero for lowest risk, 100 for highest) and can be investigated for rating formula explanations.
You can view findings and apply necessary patches. Panorays tried keeping mitigation as straightforward as possible; however, if there are multiple ways to apply patches, you cannot choose how to apply them. We certainly acknowledge this approach reduces the time between discovery of risk and resolution, but we would like to see customizable options in the future and links to explanatory information. We were told new contextual guidance documentation was in the works, covering items like how-to questions, and was to be rolled out shortly.
With outside-in and inside-out simulated hacker views, organizations see both sides of the vendor risk management space. Panorays covers the entire lifecycle of third parties, from vetting to management, assessment to remediation and maintenance through continued monitoring.
Tested by Matthew Hreben