CyberGRX announced that its Framework Mapper capability is now available to third parties. With the ability to map CyberGRX’s assessment back to industry frameworks, third parties will be able to translate the CyberGRX assessment to other standards, allowing them to share assessments quicker and engage with more customers than ever before.
Third parties are inundated with requests for assessments and because of this, enterprises aren’t getting the insights they need when they need them.
The cost of this is immense. In fact, according to a recent report CyberGRX published with Ponemon Institute, third parties spend over 15,000 hours completing cyber risk assessments each year, in which enterprises only take action on 8% of those assessments that they receive.
With the addition of CyberGRX’s Framework Mapper capability, third parties can now replace redundant assessments with the CyberGRX assessment by simply mapping the assessment back to relevant industry frameworks such as GDPR, CCPA, NIST 800/CSF, HIPAA, etc.—as their customers request.
“Completing custom assessments takes up a lot of third parties’ time and resources, and the reality is a majority of them aren’t even being used by enterprises and other third parties to make strategic, business decisions,” said Fred Kneip, CEO of CyberGRX.
“The ability to map CyberGRX enriched data to other assessments and frameworks means that third parties can now move away from custom and redundant assessments, and spend more time mitigating risk. Thanks to our structured dataset, CyberGRX is the only VRM solution on the market that can provide this capability to both our customers and third parties.”
CyberGRX assessments apply a dynamic and comprehensive approach to risk assessment analysis, replacing outdated static spreadsheets as well as the need to repetitively complete or request assessments each year.
With the CyberGRX Exchange, users are able to collect assessment data in a structured format that lets them run analytics and derive rapid and actionable insights. This standardized data approach also allows for standard input and custom output of the assessment data.
Framework Mapper will now allow third parties to gain complete visibility and context of their third-party risk, so once a third party completes the CyberGRX assessment, they can then confidently share that same assessment with other customers and offer to map it to the industry standards of their choice.
from Help Net Security https://ift.tt/3vB7pZI
0 comments:
Post a Comment