RiskLens Releases Next-Generation
Third Party Risk Assessment Solution

Up to 10 times faster assessments of
third party risk management practices than customary checklists


Spokane, WA and Reston, VA - Oct 13, 2015 /PRNewswire/ - RiskLens, the premier provider of cyber risk management software is proud to announce the release of 'Cyber Risk Third-Party', a next-generation risk assessment solution for organizations that aim to effectively assess the risk management practices of third parties such as vendors, partners, cyber insurance buyers or acquisition targets. 

Moving beyond ineffective checklists

Effectively managing the risk associated with third parties is one of the most important and challenging elements of almost any risk management program.  To-date, the process has typically involved the use of lengthy checklists of common controls and best IT security practices that require significant time and effort on the part of third parties to fill out.

On top of that, information security teams spend significant time and resort to subjective judgment to evaluate the completed assessments.  Too often, the length, detail, and ambiguity within these checklists drive third parties to “pencil whip” their answers, which can result in time consuming follow-up conference calls with the security team.  

“We have developed Cyber Risk Third-Party to help organizations that have been struggling with the use of lengthy and difficult to interpret questionnaires for third-party risk assessments. They asked us to develop a more practical alternative solution that was easier to use, improved their understanding of an organization's risk posture, and that was based on a recognized international standard such as FAIR”, says Steve Tabacek, CEO of RiskLens. " Early users of the solutions include leading banks, mortgage providers and insurance companies."

 Leveraging FAIR, a standard cyber risk management model

RiskLens' Cyber Risk Third-Party application changes the paradigm by leveraging a sophisticated risk management ontology, which distills the questions to those few that provide meaningful intelligence about a third-party’s risk management practices and controls. This drastically reduces the amount of time required to complete the questions and evaluate the results.

Furthermore, the structure of the ontology defines the relationships between each of the questions and Bayesian probability tables define their relative effect.  As a result, an organization no longer has to rely solely on the subjective judgment of their information security personnel to interpret the results.  Consequently, an organization can realize both cost savings in dealing with questionnaires and better risk intelligence about the third parties they deal with. 

Advanced reporting

A new set of reports allows customers to compare third-party assessments against their own Cyber Risk Maturity and identify the third parties that are of most concern from a risk management perspective. 

Cyber Risk Third-Party reporting also includes assessments of compliance to NIST CSF and quantification of loss magnitude. 


Workflow built for mass assessments

Cyber Risk Third-Party is built to efficiently manage and assess hundreds and even thousands of vendors. The built-in notification system keeps you informed of vendor workshop completion and scheduling of future assessments so that you can focus on what matters.

Vendor portal

A separate vendor portal allows third parties to access their own assessment. Third parties can create their own users and self assign them to the workshops that they are tasked to complete, minimizing delays in assessment completion.

The Cyber Risk Third-Party application will be generally available as of October 14th, 2015. Interested parties can request a demo at http://www.risklens.com/schedule-a-demo


About RiskLens

RiskLens is the premier provider of cyber risk management software. RiskLens empowers large enterprises and government organizations to manage cyber risk from the business perspective by quantifying it in dollars and cents. 

Our customers leverage RiskLens to understand their cyber risk exposure in financial terms, prioritize their risk mitigations, measure the ROI of their security investments, and optimize their cyber insurance coverage. RiskLens is the only cyber risk management software purpose-built on FAIR, the only international standard Value at Risk (VaR) model for cyber security and operational risk.

For more information visit the RiskLens website at www.risklens.com.