New navigation (left and top): Changing UI to bring better clarity to the workflow. Easier to navigate around and track decisions.Classification impact, FISASCORE, and evaluation progress is known at a glance in an easy to see visual at the top.
1.1 (New Navigation)
Clicking on the navigation icons at the top allows the risk manager to navigate back to verify answers provided by vendors at any time during the evaluation process
Impact level and FISASCORE are easily viewable in the upper right corner of UI
Improvements to import: Removed unnecessary data fields in the template. Added in-app messaging that better explains the import process.Cleaner UI gives clarity to imported information and provides a cleaner interface as to what is being imported.
1.2 (Import window)
Team member is viewable before importing, along with the business unit and email address.
New scored classification questionnaire: Concentrating on the right questions to determine each vendor’s potential risk impact to the organization.
Maintained for current customers as is. Still defensible, but methodology is slightly different.
Classification questions are more focused.
1.3 (New Questionnaire)
Disclaimers for Vendor: Added a signed disclaimer for vendors that emphasize the seriousness of their responses. Makes clear the responsibility of their truthfulness, and the legal ramifications of not being completely honest.
1.4 (Disclaimer to Vendor)
Revised high impact assessment: More comprehensive than ever and reflects the latest threat landscape. Will provide more insight into the nuances of each high impact vendor’s infosec posture.
Scoring is more refined and provides a better insight into possible risks
New UI for assessments:
For Vendor: We have added features that help vendors 1) understand what type of information is being asked and 2) engage the right team members to provide it in a timely manner.
Questions are arranged into logical sections with similar areas of focus, allowing vendors to organize their teams efficiently
Progress of each section is shown at a glance, allowing vendors to know which portions of the assessment still need to be completed
1.5 (Assessment index page not started)
6 (Completed assessment index page)
Toggle between the “All” and “Incomplete” buttons to show parts of the assessment that need to be completed.
Clicks between questions are kept at a minimum, and vendors can easily transition between sections.
1.7 (Drill Down into the assessment section)
For Risk Managers: Easier to collect and make sense of the important information. Review easily for next steps.
1.8 (Bar Graph and reports)
1.9 (Bar Graph and reports)
Easy-to-read bar graphs are provided after vendor assessment to show risk in different control areas
Explanation of each vendor’s FISASCORE provided
Information gathered in one place, and can easily be deciphered
Important information – impact level, FISASCORE, and treatment options - is known at a glance
Two new reports:
Executive Summary Report can be downloaded and shared with C-suite level management. Shows highest level metrics in three-month trend, ideal for summarizing important information for key decision makers
1.10 (Executive Summary Report)
Assessment Summary Report, which contains all questions and vendor responses, can be downloaded and shared with vendors and/or retained for future records.
1.11 (Assessment Summary Report)