What is the CrowdConfidence Score?
The CrowdConfidence Score is a customizable scoring system used to compare your vendors by how they respond to security assessments. Scoring helps you quickly understand the specific areas that a vendor requires additional attention. It also provides visibility into a vendor's security performance by benchmarking risk and allowing comparisons across vendors.
Think of it like a credit score, where the riskiest vendors have around a 300 score and the most secure are up near 850. The CrowdConfidence score is especially useful when comparing and ranking your vendors according to risk. However, a good guideline of score breakdowns are:
300 - 515 = poor
515 - 680 = average
680 - 850 = excellent
How can I use the CrowdConfidence score?
Score your own organization. Once you have completed questionnaires for your own company, your Dashboard will display the summary of your score.
You can measure and track improvement over time using any one of the industry standard questionnaires that Whistic Supports - such as the CAIQ, VSA, SIG, etc. Most of the industry standards come with scoring set up automatically. If you choose to create a custom questionnaire, you must manually set up scoring for the CrowdConfidence to work.
Score your Vendors. Once a vendor has returned an assessment, you can begin using the CrowdConfidence score to measure risks and strengths. As mentioned, this is especially helpful when determining where to spend your time. For example, if you have a handful of vendors with scores, you can easily identify the riskiest ones and address those first.
You can also use the score as a 'threshold' at which you will allow vendors access to certain information or even work with them at all.
You can find Crowd Confidence Ranges and Scores in Vendor Catalog (and vendor detail pages), Reporting, and Trust Catalog.
Supported Questions: currently only the following answer types can be weighted (scored):
Note: compliance can only be set on one answer in the list
Vendors obtain a high CrowdConfidence score by giving compliant answers or by replying N/A to a scored question. N/A responses are scored because, in many cases, they reflect the vendor's inherent risk. A vendor who responds N/A to any question in the platform is required to add a comment.
For example: If you are assessing a janitorial company that comes once a week to vacuum the floors. When this vendor takes a questionnaire they are going to be answering N/A to almost all of the questions. Because this company doesn't have access to any company, user, or procedural data etc. Due to the inherent risk of this vendor they are going to have a high CrowdConfidence score even though they answered N/A to most of the questions.