Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook
Topics
ISO 27001
NIS2
Getting started
Framework management
Product security
Settings & advanced
Trial and subscription
User management
Community
Documentation
Personnel guidelines
Reporting
Task management
GDPR
Internal auditing
Personnel security
Risk management
Working as a partner
Continuous improvement
Team collaboration
Show all topics
Webinars
Intro to NIS2 directive, local NIS2 laws and Cyberday ISMS
Introduktion till NIS2-direktivet, lokal NIS2-lagstiftning och Cyberdays ISMS
Einführung in die NIS2-Richtlinie, lokale NIS2-Gesetze und Cyberday ISMS
Show all webinars
Videos
Asset documentation
Continuously improving your ISMS
Cyberday overall intro
ISO 27001 and certification audit fundamentals
ISO 27001 and personnel awareness
ISO 27001 and risk management
ISO 27001 introduction
Mastering NIS2 Compliance with Cyberday
NIS2 introduction
Show all videos
Helps
Admins
Documentation
Frameworks
Guideline mgmt
Other features
Partners
Reporting
Setup and integrations
Task mgmt
User management
Show all helps
Blogs
ISO 9001 standard: A peek inside the Quality framework
Navigating the Cybersecurity Maze: Master NIS2 with the help of ISO 27001
Top 7 information security standards, frameworks and laws explained
Corporate Security Alert: Identifying Dangerous Apps on Employee Phones
AI Act, cyber risks and breaches: Cyberday product and news roundup 1/2024 🛡️
Show all blogs
Content library
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Unfortunately something went wrong. You can contact us at team@cyberday.ai.
Cyberday.ai
Get started
Login
Academy home
Helps
Managing and sending vendor security assessments

Managing and sending vendor security assessments

Security assessments are meant for evaluating organization's readiness against a common security framework, like NIS2 or ISO 27001.

With vendor security assesment, an organization using Cyberday can improve their supply chain security by monitoring the readiness of suppliers and encouraging them to improve their own information security management.

Related article: Filling security assessments

Categorizing your vendors

Quite often organizations have at least 3 types of vendors differing by their importance and your bargaining power.

  • High importance, low bargaining power: The global giants (e.g. Microsoft, AWS) that are often strongly certified and who you can't really affect as a customer
  • HIgh importance, high bargaining power: The important suppliers that you've chosen to trust (e.g. provider of your ERP system, your sales partner) and you can demand something from.
  • Low importance: The ones who don't have a big impact on your security posture.

You want to aim your security monitoring efforts - and e.g. your vendor security assessments, on the 2nd category.

To categorize your vendors, you can utilize this section on the documentation card:

Sending vendor security assessments

To prepare for sending an assessment to a vendor, you need to check out these steps:

  1. Categorize the vendor as requiring "Own monitoring actions"
  2. Fill the email to send the security assessment to

Once you've done these, you will see a section to send the assessment for the corresponding vendor.

Vendor assessment settings and overview

Vendor management features are located under the "Partner management" ISMS theme. You can see a "Assessments" tab on the front page of the theme, displaying the key metrics:

From the assessment settings modal, you can select security framework to base your assesments on.

Tip: Utilize a framework that is familiar to you, so you get more out from the vendor responses.

Experience for vendors recieving the assessment requests

Once you decide to send out assessments, vendors will receive an email like this:

The button will take them immediately to the assessment, without any signups or other obstacles.

After the vendor has filled out the assessment, they will see an overview of their results on a report.

Vendor can also choose to create their own Cyberday account on the last step, and get all this filled information immediately imported to their new ISMS.

Content

Share article

Other similar content from Academy

Help articles

Calculating risk level in Cyberday
Content: Tasks, Documentation, Guidelines and Reporting
Distributing reports via Guidebook
Favourites: Highlight frequently used items
Feature: Improving translations - How you can help to develop Cyberday
Filling security assessments
How can I export data from Cyberday?
How do I create cyber security reports?
How to use the (internal) audit feature
How to use the metrics feature
Incident management: Extension for employee security incident reporting through Guidebook
Linking existing SharePoint files to your Cyberday content
Managing and sending vendor security assessments
Multilingual work in Cyberday
Personalize the menu by pinning items
Posting, replies and notifications in Community
Printing tips for reports
Publishing embeddable reports on your website
Setting a custom logo for your organization
Share reports through Microsoft Teams channels
Using "security statement" reports
Using compliance reports
Visual mode draws out documentation item's connections
Vote and post ideas on Development ideas -section
What kind of logging is available about changes in your Cyberday account?
What kind of notifications are available?

Subscribe to Academy today

Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.

Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Topics
ISO 27001
Internal auditing
Continuous improvement
Personnel security
Working as a partner
Show all
Webinars
Intro to NIS2 directive, local NIS2 laws and Cyberday ISMS
Introduktion till NIS2-direktivet, lokal NIS2-lagstiftning och Cyberdays ISMS
Einführung in die NIS2-Richtlinie, lokale NIS2-Gesetze und Cyberday ISMS
Show all
Videos
Mastering NIS2 Compliance with Cyberday
ISO 27001 introduction
NIS2 introduction
ISO 27001 and certification audit fundamentals
Asset documentation
Show all
Helps
Documentation
Partners
Other features
Reporting
Guideline mgmt
Show all
Blogs
ISO 9001 standard: A peek inside the Quality framework
Navigating the Cybersecurity Maze: Master NIS2 with the help of ISO 27001
Corporate Security Alert: Identifying Dangerous Apps on Employee Phones
NIS2 national legistation, ransomware and a new development forum: Cyberday product and news round-up 9/2024 🛡️
IT and OT Cyber Security: Different Environments, Different Priorities
Show all
Content library
Open content libraryLabs
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.