How will CyberGRX properly assess the following classes/scenarios?

1. Assessing Individual or Ma/Pa Size vendors that have no security/privacy practice in place?
2. Qualifying Orgs which has widely accepted standards (HITRUST, ISO or similar third party audits)?  In an effort to permit your customers to accept this will there an override approval option so we can still track the unique exceptions in the CyberGRX system?
3. Is there an ability to clearly see the scope of the Vendor Assessment giving the Vendor and Customer the clarity on if these answers are Enterprise Focus or Service Specific?  Can this be front page so we're all aware of the scope?

Best Answer


  • Thanks, Fred - We are definitely looking forward to learn more about the new Residual Risk tools and certification indicators. CyberGRX is more than just an enterprise tool - I know we're looking forward to creating more connections with both our enterprise level customers and our service providers to those customers. 

  • Thank you Fred, it sounds like you are responding from your highest product offering.  Is it still as expansive for the lower product offerings that do the automated validations?  And still the distinguishing of an Enterprise versus a Service levels scoped agreements is important.  And it seem there should be an option at the start of the assessment which allows the person submitting answers to check if Enterprise scope or other and if Other to explain what the scope is.  This should be on the front page of the report to help those assessing the responses better know to interpret it.  I appreciate your responses and time.  
  • @recohight Great input above. We are always looking for ways to make our product offering more responsive to the market.  Thanks for participating.
Sign In or Register to comment.