Summary
As you get ready to start sending security assessments to your vendors, it's important to think about how you'll use scoring to guide your Vendor Risk Management (VRM) program.
Whistic offers a powerful scoring engine called the CrowdConfidence Score. This score is automatically applied to most industry-standard security assessments, such as the CAIQ, VSA, CIS, etc.
Some of the benefits of this system are:
- Easy setup - Learn more below
- Applies to both industry-standard (CAIQ, SIG, etc.) and custom questionnaires
- Easily compare different questionnaires across the same scoring metric
- Customize the scoring by adjusting the weight of specific questions
- Changes to the score will be retroactively applied to past reports and reviews
Begin Using CrowdConfidence
Determine your scoring method
You have control of your score ranges. To select the option that works for you, go to Assess > Assess Settings, then to the Score Builder Settings. Here, you will select from 3 options:
- Whistic Standard - This is the default option. A range between 300-850 to support other risk monitoring solutions.
- Percentage - Think grade-school, a range of 1-100.
- Custom - Choose your own adventure. If you select this option, be sure to fill in the Minimum and Maximum text boxes and select Save.
This allows for easy comparison of all questionnaires, across different standards and various lengths.
Adjust Your Industry Standard Questionnaires
Most industry-standard questionnaires have CrowdConfidence scoring enabled by default. The scoring algorithm is regularly updated to reflect the top security concerns in the industry. However, you can adjust these weights to align with your organization's priorities.
To adjust questionnaire weights:
- Navigate to the Assess drop-down at the top of your Whistic account and select Questionnaires
- Locate the questionnaire you want to adjust
- Hover your mouse over the questionnaire tile and select Score Builder
- Assign a weight to each question:
  - 0 = Lowest priority or Not Applicable
  - 1-4 = Varying levels of importance
  - 5 = Highest priority
Please note that as of March 2025, you can choose from a standard Whistic scoring scale, a percentage scale or a custom scale. Please see HERE for additional information on this. Access to industry-standard questionnaires may be limited based on your plan type. If you have questions about access, please contact your Whistic Representative or support@whistic.com.
3. Expand each section to view the questions that can be weighted. Use the dropdown alongside each question to indicate the question weight. Note: only the following answer types can be weighted:
- Boolean (Yes/No)
- Multiple Choice
- Multiple Answer
  - Note: compliance can only be set on one answer in the list
Adjust your Custom Questionnaires
Unlike the industry standard questionnaires, custom questionnaires won't automatically have a compliant answer set up for each question. The first step is to set up the compliant answers.
1. Go to the Questionnaires tab (from the Assess drop-down at the top of the page).
2. Scroll to the bottom section, Custom Questionnaire Drafts, hover over your draft, and select Edit. For help creating a custom questionnaire, go here.
3. Expand each section to view the questions that can be weighted. Use the dropdown alongside each question to indicate the question weight. Note: only the following answer types can be weighted:
- Boolean (Yes/No)
- Multiple Choice
- Multiple Answer
  - Note: compliance can only be set on one answer in the list
4. Finally, go back to the main Questionnaire page and locate your live questionnaire (not in the draft section). Hover over the questionnaire and select the Score Builder option.
Adjust the weights for each question according to your company's preferences.