OneTrust is partnering with ISS Corporate Solutions (ICS) to enable new cyber risk scoring capabilities for all Third-Party Risk Exchange customers. The partnership will help organizations understand the cyber risk posture of their vendor ecosystem.

Starting today, ISS Cyber Risk Scores are available for thousands of vendors at no additional cost for all OneTrust Vendorpedia™ Third-Party Risk Exchange customers. The Exchange consists of thousands of pre-completed vendor risk assessments and aggregated research on 70,000+ vendors, spanning nearly every country and all industries, from small businesses to global multinationals. OneTrust will continue to provide robust plug-in integrations and pre-built workflows for other leading Security Rating Service (SRS) providers.

The ISS Cyber Risk Score indicates the future likelihood of a significant breach event. Vendors with a score of 300 are 32x more likely to have a data breach than those with a score of 850. As a result, customers of the Third-Party Risk Exchange can leverage the ISS Cyber Risk Scores to:

  • Pinpoint vendors that present significant cybersecurity concerns
  • Prioritize vendors that require more in-depth cybersecurity assessments
  • Identify vendors requiring reassessment due to sudden drops in their Cyber Risk Score

Request a demo of OneTrust Vendorpedia to see ISS Cyber Risk Scores for thousands of vendors in the Third-Party Risk Exchange

Who is ISS Corporate Solutions?

Originating in 1997, ISS Corporate Solutions (ICS) has upheld a legacy of providing industry standard solutions to corporate governance, executive compensation, and sustainability for the last 24 years. ICS works with a wide variety of stakeholders to design and implement innovative products into the marketplace that keep pace with business needs, providing research, robust analytics, and expert advisory services.

The ICS mission is to help companies design and manage their corporate governance, executive compensation, and sustainability programs in a way that aligns with company goals, reduces risk, and manages the needs of a diverse shareholder base by delivering best-in-class data tools and advisory services.

What is the ISS Corporate Solutions Cyber Risk Score?

In October 2020, ISS acquired FICO® Cyber Risk Score Business furthering their mission to help companies design and manage their corporate governance.

According to ISS, “The ISS Cyber Risk Score is the most predictive cyber risk quantification signal that you can incorporate into your risk management programs. The score distills a broad range of raw data signals into an easy to use and actionable metric. The versatility of the score allows it to be used in a variety of application scenarios including self-assessment and cyber resilience metrics, vendor management, cyber insurance underwriting and financial asset risk management.”

ISS Cyber Risk Score* is the top-rated category leader in the Chartis Cyber Risk Quantification Solutions, 2020 – Market Update and Vendor Landscape. Read the report

What Will the Partnership Address?

Our partnership pulls thousands of ISS Cyber Risk Scores in the OneTrust Third-Party Risk Exchange and enables organizations to understand the cyber risk posture of their vendors, empowering teams to prioritize risky vendors based on their cyber risk score.

Organizations using the Third-Party Risk Exchange get added value by being able to view their vendors’ ISS Cyber Risk Scores out-of-the-box (for free), which provides insight into vendor risk and allows for ongoing vendor monitoring throughout the third-party relationship lifecycle.

How Will This Help Reduce Vendor-Related Risks?

With visibility into a vendor’s cyber risk score, customers can take proactive measures and work directly with their vendors to reduce risks identified by the ISS Cyber Risk Score. Organizations that are customers of both OneTrust Vendorpedia & ISS can take further advantage of the integration by setting up automated workflows to take action when vendors’ Cyber Risk Scores change.

For example, when scores reach a defined threshold, OneTrust Vendorpedia can automatically:

  • Create a New Risk
  • Trigger an Automated Assessment
  • Kickoff an Incident Response Workflow
  • Notify Key Stakeholders via Email
  • Update Your Vendor Inventory

Request a demo of OneTrust Vendorpedia to see ISS Cyber Risk Scores for thousands of vendors in the Third-Party Risk Exchange

Further reading & next steps: 

Follow OneTrust on LinkedInTwitter, or YouTube for the latest on cyber risk scores.