Third-Party Risk Assessment

Logo cybergrx resolver

Resolver has completed aCyberGRXassessment which has been independently validated by Deloitte and KPMG. Customers can leverage Resolver’s CyberGRX report to reduce their supplier due-diligence burden. These assessments apply a dynamic and comprehensive approach to third-party risk assessment, replacing outdated static spreadsheets, and the need to repetitively request access to Resolver’s assessment each year. CyberGRX assessments provide advanced capabilities by integrating Resolver’s responses with analytics, threat intelligence, and sophisticated risk models, based on known breach cyber kill chains, to provide an in-depth view of Resolver’s security posture.

Customers can use CyberGRX’s Framework Mapper feature which allows them to map Resolver’s assessment to commonly used industry frameworks and standards to instantly gain visibility into controls coverage, and reduce customers’ third-part supplier due-diligence burden. This includes National Institute of Standards and Technology (NIST)800-53,NISTCybersecurity Framework,International Organization for Standardization (ISO)27001,Payment Card Industry Data Security Standard (PCIDSS),and U.S. Health Insurance Portability and Assessment Act (HIPAA).

Please fill out the form to request accessto Resolver’s complimentary CyberGRX assessment report.

 

Third-party cyber risk management (TPCRM) services such asCyberGRXare used to better manage risks from evolving environments and to drive operational efficiencies.

The CyberGRX assessment applies a dynamic approach to third-party risk assessment. This integrates advanced analytics, threat intelligence, and sophisticated risk models with vendors’ responses to provide an in-depth view of how their security controls help protect against potential threats.

Vendor profiles are continuously updated as the risk level of cloud service providers changes, or asResolverupdates its security posture and controls. This approach eliminates outdated static spreadsheets for third-party risk assessments, in which the risk matrices are not updated in near real time.

 

About CyberGRX

The CyberGRX assessment methodology identifies both inherent and residual risk. It uses near real-time threat analysis and independent evidence validation to provide customers with a holistic view of their third-party cyber risk posture.

CyberGRX is the world’s first and largest collaborative risk exchange. Their analytical methodology builds threat intelligence and sophisticated risk models from just one validated assessment. With insights on risk across data security and privacy, the CyberGRX assessment features not only in-depth insights on residual risk, but combines attack scenario modeling and the MITRE ATT&CK kill chain to monitor evolving tactics and techniques in the threat landscape.

 

Resolver and CyberGRX

CyberGRX, utilizing their strategic partners Deloitte and KPMG, has validated and reported on the assessment of the Resolver which consists of over 400 security questions and corresponding Resolver responses. CyberGRX takes into account inherent risk, industry-specific threat intelligence, and real-world attack scenarios. This gives customers the ability to validate Resolver’s security posture with outside-in evidence in order to generate results that are focused on risk, as opposed to simple compliance.

Resolver understands the need for our customers to leverage efficient tools that will help their organization swiftly assess risk, including assessing potential risk which they may assume due to leveraging a third-party for key services, like us.   We also understand that our customer base is vast and diverse, and that these customers have varying priorities, and come from a variety of industries.   Scaling to these diverse needs requires Resolver to look for effective methods that broaden and amplify our ability to share key knowledge which will facilitate all customers whatever their security. Collaborating with a third-party assessment firm like CyberGRX is one way we allow our customers to be nimbler in their risk assessment pursuit.

CyberGRX’s model gives organizations interested in Resolver’s security control implementation the ability to select the controls they are most interested in, and provides validated responses for their review. Resolver benefits from this model as we can also be agile in our ability to provide updates, and our responses are essentially available to any member of the CyberGRX exchange, providing more customers access to this key information.   In short, CyberGRX helps Resolver reach more customers with risk assessment needs and underscores our commitment to transparency and security.