Blog

OneTrust Third-Party Risk Exchange now provides SecurityScorecard Cybersecurity Rating

Solution providers expand partnership to keep companies more secure and transparent

Scott Solomon
Team Lead, Product Marketing
May 17, 2022

The increase in third-party related security attacks has been felt acutely by organizations globally. Each third party creates additional vulnerabilities by expanding the number of entry points into an organization.  

To help organizations handle these cyber concerns, OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings on thousands of third parties to provide greater insight into their cyber risk posture. The new out-of-the-box Cybersecurity Ratings are in addition to the existing integration, which enables OneTrust customers to automatically take action when a third party’s score changes.

What is the SecurityScorecard Cybersecurity Rating?

SecurityScorecard is a global leader in cybersecurity ratings, used by thousands of organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting. All of this leads to a solution that encourages cyber resilience in the face of an ever-growing threat landscape.  

The company’s Cybersecurity Rating uses an objective rating system through dynamic assessments, doling out grades from A to F based on a business’s cyber security posture. That score can then be used as a baseline for other companies to make informed decisions about your organization’s risk management and cyber standing.     

That score comes from an evaluation of 10 criteria, including:  

Network Security

The Network Security module checks public datasets for evidence of high risk or insecure open ports within the organization network  

DNS Health  

The DNS Health module measures the health and configuration of an organization’s DNS settings. It validates that no malicious events occurred in the passive DNS history of the organization’s network.  

Patching Cadence  

The Patching Cadence module analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.

Endpoint Security  

The Endpoint Security module tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.  

IP Reputation

The IP Reputation and Malware Exposure module makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.  

Application Security

The Application Security module uses incoming threat intelligence from known exploitable conditions identified via: whitehat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.   

Cubit Score

The Cubit Score module measures a variety of security issues that an organization might have. For example, we check public threat intelligence databases for IP addresses that have been flagged.  

Hacker Chatter

The Hacker Chatter module is an automated collection and aggregation system for the analysis of multiple streams of underground hacker chatter.   

Information Leak

This Information Leak module makes use of chatter monitoring and deep web monitoring capabilities to identify compromised credentials being circulated by hackers.  

Social Engineering

The Social Engineering Module is used to determine the potential susceptibility of an organization to a targeted social engineering attack.  

What is the OneTrust Third-Party Risk Exchange?

The OneTrust Third-Party Risk Exchange is a collaboration and information sharing platform that brings businesses and their third parties together into a single community to share information and build mutual trust. Thousands of organizations and their third parties participate in the Exchange to collectively centralize and share critical information about their security, privacy, ethics and compliance, and ESG programs. This community-based approach makes third-party risk easier for everyone involved – both you and your third parties.   

The Exchange streamlines vendor risk assessments by giving third parties the ability to share assessment answers with the click of a button. Meanwhile, assessment requesters can view the results via the Exchange, which are automatically analyzed to generate risk analytics and control gap reports.

Additionally, third parties that join the Exchange get access to valuable capabilities, including the ability to build and share their free Trust Profile, a shareable profile that third parties use to aggregate key information about their security, privacy, ethics, and ESG programs. Third parties also have the ability to create a library of assessment answers and use that information to autocomplete any new ones they receive.

SecurityScorecard is a Silver Sponsor at TrustWeek from May 23-26. As a result of the partnership, all OneTrust members can take advantage of a complimentary SecurityScorecard Enterprise License that enables you to monitor your organization as well as up to five vendors.

Learn more about the OneTrust Third-Party Risk Exchange and the partnership with SecurityScorecard by requesting a demo here.  

Blog

OneTrust Third-Party Risk Exchange now provides SecurityScorecard Cybersecurity Rating

What is the SecurityScorecard Cybersecurity Rating?

Network Security

DNS Health

Patching Cadence

Endpoint Security

IP Reputation

Application Security

Cubit Score

Hacker Chatter

Information Leak

Social Engineering

What is the OneTrust Third-Party Risk Exchange?

You may also like

Third-Party Risk

Unpacking global regulatory frameworks to enhance third-party operational resilience

Register for this OneTrust webinar to learn about the relevant resilience focused requirements of DORA, NIS 2, and other global regulations.

December 11, 2024

Technology Risk & Compliance

Understanding the NIS 2 Directive: Compliance insights and best practices

This DataGuidance webinar explores the latest and expected developments in the implementation of the NIS 2 Directive, focusing on practical compliance strategies to ensure your organization is prepared.

December 04, 2024

Third-Party Risk

Rise above risk: Third-party management in technology

November 21, 2024

Privacy Automation

Defining a new direction for data

As AI continues to offer unparalleled opportunities for business innovation, it also presents risks that organizations must tackle head-on through scalable governance programs that span multiple data sources. Six key trends are defining these challenges.

November 13, 2024

Third-Party Risk

Bill S-211: Will you be ready by May 31?

In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.

November 07, 2024

Third-Party Risk

Tackling IT security risks for banks in South Africa

Join our OneTrust webinar on tackling IT security risks for banks in South Africa. Explore strategies for safeguarding sensitive data, ensuring POPIA compliance, and managing cyber threats. Gain actionable insights to strengthen your security posture and build customer trust.

October 31, 2024

Privacy Automation

Build resiliency and operationalize compliance with OneTrust: Fall product release recap, 2024

Join our upcoming product release webinar to explore how these new capabilities can help your organization navigate complex frameworks, streamline third-party management, and accelerate AI and data innovation.

October 22, 2024

Third-Party Risk

Live Demo EMEA: Building a robust third-party risk management program with OneTrust

Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.

October 10, 2024

Third-Party Risk

Simplifying vendor risk management

Streamline third-party relationships and avoid common mistakes in the process.

October 03, 2024

Third-Party Risk

Essential checklist for simplifying third-party risk management

Third-party management doesn’t have to be a complicated process for your business.

October 02, 2024

Third-Party Risk

Navigating risk in financial services with third-party management

Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.

October 01, 2024

Third-Party Risk

Manufacturing risk: Managing third parties in the supply chain

Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.

September 30, 2024

Third-Party Risk

The complete guide to third-party management

It’s imperative for security teams to implement a holistic approach to third-party management.

September 27, 2024

Third-Party Risk

Strengthen your third-party ecosystem: Strategies to combat modern slavery, anti-bribery, and corruption

Join our upcoming webinar to learn how to navigate the complexities of managing modern slavery, anti-bribery, and corruption within your third-party ecosystem.

September 26, 2024

Third-Party Risk

PDPL and third-party risk

Join us in a webinar where we will discuss PDPL, third-party risk, and compliance best practices. Learn how you can automate and simplify your third-party management program with OneTrust.

September 19, 2024

Third-Party Risk

APAC - Third-party risk management and due diligence: What’s the difference and why does it matter?​

Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.

September 18, 2024

Third-Party Risk

Navigating the intersection: Third-party risk management in South Africa's evolving data landscape

DNS Health  

Patching Cadence  

Endpoint Security  

APAC - Third-party risk management and due diligence: What’s the difference and why does it matter?