Panorays has announced a partnership with Shared Assessments to provide Panorays customers with access to the Standard Information Standard (SIG) questionnaire. This is an innovative offering but may prove to be a mixed blessing.
In the cyber risk ratings market, Panorays may not be as well known as some of its competitors. However, the company is working to carve out a niche as an end-to-end provider of third-party risk management and not just a supplier of risk ratings. From the start, it has offered customers the ability to automate the distribution of security questionnaires to vendors.
Panorays’ partnership with Shared Assessments means that Panorays customers can now use the SIG as their preferred security questionnaire, with access covered by their subscription fee. Purchasing the SIG directly from Shared Assessments currently costs US$7,000.
“The SIG questionnaire is now integrated into Panorays’ third-party supplier management platform. The platform itself eliminates the need for manual questionnaires, automates the security evaluation of the company’s cyber posture and dramatically speeds up the third-party vetting process,” explained Dov Goldman, director of risk and compliance at Panorays.
The SIG is as close to a standard for security questionnaires as they come. Panorays definitely deserves applause for giving customers access to it. The potential downside, however, is that the SIG questionnaire is notoriously large, complex, and difficult to customize. Panorays customers will need to decide carefully whether taking advantage of this offering will cost them more in time than it will save in money.
Dark web monitoring for supply chain risk is becoming a mandatory feature for cyber risk ratings providers. Panorays’ latest press release shows that it is catching up to the big players.
Normshield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?
BitSight Enterprise Analytics looks to increase the value proposition of using cyber risk ratings for internal risk management, but are they barking up the wrong tree? If you assume that cyber risk ratings are mostly useful for third-party risk management, you aren’t alone. BitSight is aiming to change that with its new Enterprise Analytics solution, but it may be chasing after the wrong audience.
SecurityScorecard has announced the availability of new professional advisory services to help customers consume its vendor cyber risk rating product. In doing so, it is tacitly admitting that risk ratings are not the easy solution they’ve been hyped to be.
RiskRecon and RSA have announced a partnership to bring RiskRecon’s third-party risk rating services to RSA’s Archer Governance, Risk and Compliance (GRC) system. This should be a welcome move for Archer customers.
BitSight, one of the leaders in cyber risk rating, has announced a new product to allow organizations to benchmark against their peers. Dubbed “Peer Analytics,” this service will interest companies where benchmarking is a compliance obligation.
SecurityScorecard, a leader in vendor cyber risk rating, has announced an initiative to help non-profit organizations with third-party risk management. Named Project Escher, this initiative demonstrates SecurityScorecard’s commitment to the non-profit sector.