November 1, 2022
Thousands of RiskRecon Grades Now Available in the OneTrust Third-Party Risk Exchange
Physical and digital supply chains have widened exponentially in recent years, causing cybersecurity threat vectors to multiply. With this increasing reliance on third parties, it’s extremely difficult for organizations to manually monitor every third party’s cybersecurity risk.
To help organizations with this challenge, OneTrust is partnering with RiskRecon, a Mastercard Company, to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.
The partnership pulls thousands of RiskRecon grades into the OneTrust Third-Party Risk Exchange and enables organizations to understand the cyber risk posture of their third parties, empowering teams to prioritize risk-reduction efforts. The score allows for ongoing monitoring throughout the third-party relationship lifecycle with scores being updated on a regular basis.
“At OneTrust, we recognize the value of a premier data set like RiskRecon and understand the value it brings to customers who use the OneTrust Exchange. The data will strengthen our customers’ abilities to leverage data in making risk-informed decisions at scale,” said OneTrust’s Third-Party Management General Manager Matt Moog.
How will the partnership reduce third-party risks?
With visibility into a third party’s cyber risk grade, customers can take proactive measures and work directly with their third parties to reduce risks identified by the RiskRecon grade.
In addition, organizations that are customers of both OneTrust and RiskRecon can take further advantage of the integration by setting up automated workflows to take action when grades change.
For example, when scores reach a defined threshold, the OneTrust platform can automatically:
- Create a New Risk
- Trigger an Automated Assessment
- Kick off an Incident Response Workflow
- Notify Key Stakeholders via Email
- Update Your Vendor Inventory
What is the OneTrust Third-Party Risk Exchange?
The OneTrust Third-Party Risk Exchange is a global community that brings businesses and their third parties together into a single community to share information and build mutual trust. Thousands of organizations and their third parties participate in the Exchange to collectively centralize and share critical information about their security, privacy, ethics, and ESG programs. This community-based approach makes third-party risk easier for everyone involved – both you and your third parties.
How is RiskRecon’s cyber risk rating determined?
RiskRecon’s grading system is based on a variety of factors, beginning with a deep assessment for asset discovery. This assessment is refreshed every two weeks thanks to the training of supervised machine learning models for each company.
The grading system covers:
- IT Infrastructure
- Hosting Providers
- Fourth Parties
Within each security domain, RiskRecon reports overall current performance, trends, and industry benchmarks, backed by detailed information summaries and descriptions along with issue severity and risk priority.
From these and other factors that scrutinize a third party’s security posture, RiskRecon produces its grade for that company, which is then added to the OneTrust Third-Party Risk Exchange profile along with information from additional data providers.
Request a demo of OneTrust to see RiskRecon grades for thousands of third parties in the OneTrust Exchange.
About RiskRecon, a Mastercard Company
RiskRecon, a Mastercard Company, enables you to achieve better risk outcomes for your enterprise and your digital supply chain. RiskRecon’s cybersecurity ratings and assessments make it easy for you to understand and act on your risks, delivering accurate, risk-prioritized action plans custom-tuned to match your risk priorities. Learn more about RiskRecon and request a demo at www.riskrecon.com.