Summary
As you get ready to start sending security assessments to your vendors, it's important to think about how you'll use scoring to guide your Vendor Risk Management (VRM) program.
Whistic offers a powerful scoring engine called the CrowdConfidence Score. This score is automatically applied to most industry-standard security assessments, such as the CAIQ, VSA, CIS, etc.
If you're using a Custom Questionnaire, setting up the scoring involves just a few additional steps. Both the standard and custom questionnaire scoring can be customized to align with your organization's priorities. Changes to the score will be retroactively applied to past reports and reviews.
Steps
Industry Standard Questionnaires:
Most industry-standard questionnaires have CrowdConfidence scoring enabled by default. The scoring algorithm is regularly updated to more accurately represent the top security concerns in the industry. Nevertheless, you have the option to adjust these weights to align with your company's preferences.
1. Designate compliant answers. For all industry-standard questionnaires, this is automated so no additional action is needed.
2. Select a score weight. Go to the Questionnaire tab > find the questionnaire > mouse over the tile and select Score Builder. Each question can be given a weight between 0 and 5, with 0 indicating the lowest or N/A and 5 being the most important. If a wider scale is preferred, a 0-10 scale is also available through a change in your Company Settings.
Access to industry-standard questionnaires may be limited based on your plan type. If you have questions about access, please contact your Whistic Representative or support@whistic.com.
3. Expand each section to view the questions that can be weighted. Use the dropdown alongside each question to indicate the question weight. Note: only the following answer types can be weighted:
- Boolean (Yes/No)
- Multiple Choice
- Multiple Answer
- Note: compliance can only be set on one answer in the list
Custom Questionnaires:
Unlike the industry standard questionnaires, custom questionnaires won't automatically have a compliant answer set up for each question. The first step is to set up the compliant answers.
1. Go to the Questionnaires tab
2. Scroll to the bottom section, Custom Questionnaire Drafts > mouse over your draft and select Edit. For help creating a custom questionnaire, go here.
3. Expand each section to view the questions that can be weighted. Use the dropdown alongside each question to indicate the question weight. Note: only the following answer types can be weighted:
- Boolean (Yes/No)
- Multiple Choice
- Multiple Answer
- Note: compliance can only be set on one answer in the list
4. Finally, go back to the main Questionnaire page and locate your live questionnaire (not in the draft section). Hover over the questionnaire and select the Score Builder option.
Adjust the weights for each question according to your company's preferences.
NOTE: Score Builder can be added at any time to questions that were created or set up for compliant answers. The score will be updated on a returned questionnaire whether the review is in process or completed.