Digital transformation is creating unpredictable mutations across the attack surface. As a result, some third-party risks have outgrown the discovery mechanisms offered by the hundreds of standard security frameworks currently available.
To cater to these growing use cases, UpGuard has introduced custom questionnaires to its industry-leading third-party risk management platform.
What are Custom Questionnaires?
Custom questionnaires are vendor security questionnaires that you can design yourself. These assessments are ideal for highly specific third-party risk requirements.
For example, when the SolarWinds breach occurred, organizations evaluating their security needed to ask their vendors a specific set of questions that could not be addressed through standard frameworks.
By combining custom questionnaires with pre-designed risk assessments, third-party risk management is further optimized. Common third-party risks can be evaluated at speed with pre-designed questionnaires and nuanced vulnerabilities can be targeted with custom questionnaires.
How to use UpGuard’s Custom Questionnaire Builder
You can now build your own security questionnaires inside the UpGuard platform. Start from a blank canvas or edit an existing framework from our growing library of questionnaires.
All questionnaires can be designed with 6 different conditional logic question types to give you complete control over the level of detail required in each assessment.
- Sections: Use sections to organize your questionnaire into chapters or to segregate questions by theme. Sections can also be used to create the table of contents if you choose to include one.
- Single-select questions: A single option from a predefined set of mutually exclusive answers.
- Multi-select questions: Multiple options from a predefined set of answers. For
- Text questions: A free-form text field
- File uploads: Upload pdf, doc, docx, jpg, png, xlsx, csv, or pptx documents. Each document can be up to 10 MB.
- Identified risks: Automatically identify third-party risks based on predefined response conditions. Work with third parties to resolve identified risks using the remediation tracking and auditing built into the platform.
Starting from an Existing Temple
To easily modify an existing questionnaire, navigate to the Questionnaire Library, click on “duplicate.”
You will then be taken to the questionnaire builder where you can start modifying the duplicated questionnaire.
Starting from a Blank Canvas
To build a bespoke questionnaire from scratch, navigate to the Questionnaire Library and click on “Create Custom Questionnaire” in the top right.
This will initiate the questionnaire builder workflow where you can implement all of the conditional logic elements that matter to you.
Upcoming UpGuard Features
Data Breach News Feed
The data breach news feed is a curated list of publicly disclosed data breaches displayed within the UpGuard platform.
This feature is separate from the data leak detection service within CyberResearch, where data leaks are discovered and shut down before they’re exploited by cybercriminals.
The UpGuard data breach news feed displays the latest critical breaches within the public domain. This information is garnered from media coverage and data breach registries.
This feed will reside on a dedicated page to allow seamless tracking of data breach news stories that matter to you. To help customers remain vigilant to unfolding threats with wide impact potential, the UpGuard data breach feed is not limited to data breaches impacting your vendors, it’s an industry-wide feed.
That being said, UpGuard customers can view data breaches impacting specific vendors by clicking on their profiles. This will provide an explanation of the breach to help you understand the implications, as well as links to relevant articles for further reading.
By empowering customers to remain at the cusp of global cyberattack events, risk assessments can be preemptively contextualized to further reduce the impact of third-party breaches.
Remediation Planner
UpGuard's remediation planner helps customers understand specific risks affecting the security score of either their internal network or specific vendors. You can choose a set of risks, and see how the score would be affected if they were remediated. You can easily create a remediation request based on this set of risks. Whoever you send the remediation request to can also see the impact that fixing the risks will have on their score.
This provides greater transparency around the impacts of risks on an organization’s security score, and helps you better plan your remediation activities.
Vendor Shared Profiles
With more and more companies using UpGuard to manage their vendor risk, there are now thousands of vendors that have completed security questionnaires within the platform.
The new Vendor Shared Profile feature allows vendors to save the responses to questionnaires they answer within UpGuard, and make them available to any UpGuard customers.
When a vendor completes a questionnaire, they’ll be invited to store it in their (free) UpGuard account, and whenever an UpGuard customer looks up their security profile, that customer will be able to request access to the questionnaire. Once the vendor approves the request, the UpGuard customer can see the answers.
This benefits both the UpGuard customer-base and their vendors. UpGuard customers can view previously completed questionnaires, rather than sending the vendor a new one. And vendors can answer questions once, and share them multiple times, rather than having to answer the same questions again and again.
Get a Free Demo of UpGuard’s Custom Questionnaire Builder
UpGuard’s custom questionnaire builder empowers organizations to evaluate distinct risks while still leveraging the efficiency of pre-designed questionnaires for the majority of use cases.
Establish complete control over your third-party risk program, CLICK HERE for a FREE demo of UpGuard’s questionnaire builder today!
